Abstract

In this paper we revisit some pioneering efforts to equip Petri nets with compact operational models
for expressing causality. The models we propose have a bisimilarity relation and a minimal
representative for each equivalence class, and they can be fully explained as coalgebras on a presheaf
category on an index category of partial orders. First, we provide a set-theoretic model in the form
of a causal case graph, that is a labeled transition system where states and transitions represent
markings and firings of the net, respectively, and are equipped with causal information. Most
importantly, each state has a poset representing causal dependencies among past events. Our first
result shows the correspondence with behavior structure semantics as proposed by Trakhtenbrot
and Rabinovich. Causal case graphs may be infinitely-branching and have infinitely many states,
but we show how they can be refined to get an equivalent finitely-branching model. In it, states only
keep the most recent causes for each token, are up to isomorphism, and are equipped with a
symmetry, i.e., a group of poset isomorphisms. Symmetries are essential for the existence of a minimal,
often finite-state, model. This first part requires no knowledge of category theory. The next step
is constructing a coalgebraic model. We exploit the fact that events can be represented as names,
and event generation as name generation. Thus we can apply the Fiore-Turi framework, where the
semantics of nominal calculi are modeled as coalgebras over presheaves. We model causal relations
as a suitable category of posets with action labels, and generation of new events with causal
dependencies as an endofunctor on this category. Presheaves indexed by labeled posets represent the
functorial association between states and their causal information. Then we define a well-behaved
category of coalgebras. Our coalgebraic model is still infinite-state, but we exploit the equivalence
between coalgebras over a class of presheaves and History Dependent automata to derive a
compact representation, which is equivalent to our set-theoretical compact model. Remarkably, state
reduction is automatically performed along the equivalence.
1. Introduction


Petri Nets are a well-known graphical and formal notation for representing concurrent
computations. An interesting aspect of Petri Nets is that they allow for the representation of causal
dependencies among actions. This kind of information can be useful for debugging distributed
systems or for tracing expected or unwanted causal dependencies, and it is usually not provided by
interleaving models.

In order to carry out verification on Petri nets, it is convenient to have an operational model, 
that is a model representing single steps of computation and their observable actions. In Petri 
nets, steps are typically firings and actions are action labels of transitions. One important class of 
operational models for Petri Nets are behavior structures [27]. They are automata where each state
is equipped with a partial order over events: events represent different occurrences of actions and 
the poset describes causal dependencies among such occurrences. Behavior structures come with a 
notion of behavioral equivalence, which later has been called history preserving bisimilarity [IT]. 

Other causal models, such as event structures pdj . do not come with a built-in operational 
notion of bisimilarity. Such a notion is essential to compute minimal models, where all states 
with the same behavior are identified. Open maps [16] can be used to derive hereditary history 
preserving bisimulations (HHPBs), but the existence of minimal representatives is not guaranteed 
by that theory. Indeed, the general agreement is that HHPB is more suited to capture concurrency, 
whereas the non-hereditary version deals better with causality. The latter equivalence is coarser, but 
still causality is informative enough to characterize key security properties, such as non-interference 
y. Moreover, the non-hereditary equivalence has better decidability properties than the hereditary 
one fl4j . 

The main issue with causal operational models is that they often have infinitely many states, so 
model checking is unfeasible. This is indeed the case of behavior structures, where posets of states 
are enlarged at each transition, because a new event for the corresponding action is generated. Even 
if we minimize w.r.t. bisimilarity, there is no way of throwing away “useless” events or decreasing 
the size of posets. 

In this paper we present an approach to obtain compact, and in many cases finite, operational 
models for causality in Petri nets. They will be presented in two “flavors”: a set-theoretic and a 
categorical one, based on coalgebras 22, l|. In addition to the theoretical and practical interest of 
reconducting our problem to unifying and well studied models such as coalgebras, we emphasize 
that our coalgebraic model is simpler than the set theoretical one. In fact, even if deriving a naive 
set-theoretic model from a Petri net is not difficult, the technical development required to obtain a 
compact model is quite involved and requires some ingenuity. Instead, in a categorical setting, this 
machinery will become remarkably simpler and natural. Actually, in a precise sense, the construction 
of the compact model will be automatic, thus providing a mathematical justification of the otherwise 
ad hoc set-theoretic constructions. 


1.1. Set-theoretic models 

After some preliminaries on Petri nets and the presentation of a running example in Section 2,
in Section 3 we model the behavior of a labeled Petri net as a causal case graph (CG). Recall that
a case graph is a labeled transition graph where states are markings and transitions are steps,
representing many firings happening simultaneously. In causal case graphs, transitions are single
firings, and causal data are used to encode information about concurrency. More precisely (see
Definition 3.3, where CGs are called “concrete” as opposed to “abstract” CGs, introduced later):

• states are of the form $O \rhd c$, where: $O$ is a poset describing causal dependencies among a finite
collection of events; $c$ is a marking where each token is decorated with its causes, i.e. the set
of events that led to its creation (included in $O$);

• the transition relation is written $\xrightarrow{K \vdash e_a}$, where: $K$ is the set of most recent causes of tokens
that enabled the firing; $e$ is a fresh event, different from all those occurring in the source state;
and $a$ is the action label of the fired transition.

We define a notion of bisimilarity for CGs where causal information plays a key role: only states
with the same causal dependencies among past events, namely the same poset, are compared. This
fact is crucial for the equivalence with history preserving bisimilarity described in Section 4.

Another important aspect is that transitions draw fresh events from an infinite set of event 
names. For each firing, we have infinitely many transitions in the CG, one for each possible fresh 
event. In this way we implement event generation in the same way name generation is represented, 
e.g., in nominal calculi. This fact will be crucial for our categorical models. 

We, then, derive three consecutive refinements of the CG, described in Table 1, each improving
the CG on one aspect:

CGac (Definition 3.8): the transition relation becomes finitely branching, because we don’t
distinguish between posets with the same structure. In fact, it is enough to generate one canonical
event, instead of all possible ones, for each firing. Consequently, states contain canonical
representatives of events and only the action label of the new event is recorded in the transition.

CGic (Definition 3.17): removing all but immediate causes, and identifying isomorphic states,
may significantly reduce the state space, and even make it finite.

CGics (Definition 3.27): we equip each state with a set of isomorphisms acting as the identity
on the state. These isomorphisms must form a symmetry, i.e., a group of automorphisms, on
the state’s poset. Transitions are reduced accordingly: we select one representative for each
collection of “symmetric” transitions. Two transitions are symmetric whenever they can be
obtained from each other via isomorphisms belonging to the symmetries of source and target
states. Symmetries allow for the computation of minimal models, because CGs that are not
isomorphic, but bisimilar under a given isomorphism, have a unique minimal realization, where
that isomorphism becomes part of the symmetry of a state.

These steps do not change the overall semantics (Theorems 3.12 and 3.22).

Finally, in Theorem 4.6 we establish a connection between CGs and behavior structures.

1.2. Categorical models 

In the second part of the paper (Sections 5-7) we assume the reader has some familiarity with
category theory. Some preliminaries about presheaves and coalgebras are recalled in Section 5.

Coalgebras are convenient models of dynamic systems. Their theory is rich and well-developed, 
and many kinds of systems have been characterized in this setting. Coalgebras are also of practical 
interest: minimization procedures such as partition refinement [17] can be defined in coalgebraic
terms (see, e.g., !)• This further motivates the coalgebraic framework: algorithms implemented at 
this level of abstraction can be instantiated to many classes of systems. 

Our coalgebraic causal model of Petri nets, presented in Section 6, is based on the fact that we
represent events as names and event generation as name generation, in the style of nominal calculi. 

Causal case graph (CG)
  States: $O \rhd c$
    • $O$ is a finite poset describing causal dependencies among events
    • $c$ is a marking including causes for each token
  Transition relation: $\xrightarrow{K \vdash e_a}$
    • $K$ is the set of most recent causes of tokens consumed by the transition
    • $e$ is a fresh event
    • $a$ is the fired transition’s action label

Abstract CG (CGac)
  States: $O \rhd c$
    • $O$ is a canonical representative of isomorphic posets
    • $c$ contains canonical events
  Transition relation: $\xRightarrow{K \vdash a}$
    • $K$ as in CG
    • $a$ is the action label for the canonical fresh event

Immediate causes CG (CGic)
  States: $O \blacktriangleright c$
    • $O$ and $c$ contain only the most recent causes w.r.t. each token (immediate causes)
    • each state is a canonical representative of isomorphic states
  Transition relation: $\xrightarrow[h]{K \vdash a}$
    • $K$ and $a$ as in CGac
    • $h$ is a map telling how events in the target state correspond to those of the source state

Immediate causes CG with symmetries (CGics)
  States: $O \blacktriangleright_{\Phi} c$
    • $O$ and $c$ as in CGic
    • $\Phi$ is a symmetry on $O$
  Transition relation: $\xrightarrow[h]{K \vdash a}$
    • $K$, $a$ and $h$ as in CGic
    • transitions are canonical representatives of “symmetric” ones

Table 1: Set-theoretic models.

This allows us to construct a coalgebra where states are equipped with nominal structures, namely
causal relations between events, and event generation is explicit, along the lines of [bl . The key
idea is to define coalgebras over presheaves, that are functors from a certain index category C to
Set, the category of sets and functions. Presheaves formalize the association between a collection of
names, seen as an object of C, and a set of processes within Set, indexed by names of the collection.
Fresh name generation can be formalized as an endofunctor on C, that is lifted to presheaves and
used in the definition of coalgebras.

We take as index category for presheaves a suitable category of labeled posets up to isomorphism, 
representing causal relations between events decorated with actions. This category provides us with 
the needed structure to model operations over causal relations. In fact, we use colimits to implement 
a well-behaved functorial model of event generation, which augments a given poset with fresh events 
and relations to their causes. Our definition ensures that its lifting to presheaves, when used to define 
coalgebras, yields a category of coalgebras with a final object and a final semantics in agreement 
with coalgebraic bisimilarity. This is essential for a correct notion of minimal model. Then, we define 
a presheaf of causal markings, yielding, for each poset, the set of causal markings whose causes are 
“compatible” with that poset. We construct a causal coalgebra by translating the abstract CG. The 
important result is that coalgebraic and ordinary bisimilarity are equivalent (Theorem 6.16).

The infinite state issue still exists in the causal coalgebra, because the poset of a causal marking 
keeps growing along transitions. However, if the presheaf of states is “well-behaved”, according 
to [10], it is always possible to recover the support of a causal marking, that is the minimal poset
including all and only events that appear in the marking. This is the key condition for the equivalence
between presheaf-based coalgebras and History Dependent (HD) automata [21].

HD-automata are coalgebras with states in named-sets 0 , that are sets whose elements are 
equipped with symmetry groups over finite collections of names. They have two main features: 


• a single state can represent the whole orbit of its symmetry, namely all the states reachable 
via poset isomorphisms; 


• the names of each state are local, related to those of other states via suitable mappings.

Both features are important for applying finite state methods, such as minimization and
model-checking, to nominal calculi. In particular, the latter point captures deallocation: maps between
states can discard unused names and “compact” remaining ones, much like garbage collectors do for
memory locations. A minimization procedure for HD-automata for the (finite-control) π-calculus
has been shown and implemented in [13].

Interestingly, we are able to define the presheaf of causal markings in a way that computing the 
support corresponds to discarding all but the immediate causes. Therefore, in Section 7 we show
that the aforementioned equivalence amounts to deriving the immediate causes CG. Actually, it 
also equips states with symmetries, achieving the last refinement step. We emphasize that such 
equivalence is completely standard in the theory of nominal calculi. In our case, it is extended 
to labeled posets and allows the automatic derivation of an HD-automaton over a named set of 
minimal causal markings. 


2. Basic definitions and running example 

Given a set of labels $L$, we call $L$-labeled poset (or just labeled poset, when $L$ is clear from
the context) on a set $S$ a triple $O = (X_O, \preceq_O, l_O)$, where $X_O \subseteq S$, $\preceq_O$ is a reflexive, transitive
and antisymmetric relation on $X_O$ and $l_O : X_O \to L$ is a labeling function. A morphism of labeled
posets $O \to O'$ is a function $\sigma : X_O \to X_{O'}$ that preserves order and labeling, namely $x \preceq_O y$ implies
$\sigma(x) \preceq_{O'} \sigma(y)$ and $l_O = l_{O'} \circ \sigma$. We say that $\sigma$ reflects order whenever $\sigma(x) \preceq_{O'} \sigma(y)$ implies $x \preceq_O y$; $\sigma$
is an order-embedding whenever it both preserves and reflects order. Notice that isomorphisms reflect
order, because their inverses preserve order, and it can be easily checked that order-embeddings are
always injective. To simplify notation, we sometimes regard $O$ as a poset on $S \times L$, we write $|O|$ for
the underlying set of pairs and $x_l \in X_O \times L$ for the pair $(x,l) \in |O|$. A set $K \subseteq |O|$ is down-closed
w.r.t. $O$ whenever $y \in K$ and $x \preceq_O y$ implies $x \in K$. We say that a poset $O$ is a prefix of $O'$ if $O$ is a
subposet of $O'$ and $|O|$ is down-closed w.r.t. $O'$.

In this paper we consider the following kind of Petri nets, which we call just nets. 

Definition 2.1 (Net). A net is a tuple $(S,T,F,l)$ where:

• $S$ is a set of places and $T$ is a set of transitions, with $S \cap T = \emptyset$;

• $F \subseteq (S \times T) \cup (T \times S)$ is the flow relation;

• $l : T \to Act$ is a labeling function, where $Act$ is a fixed set of action labels.

If $x \in S \cup T$ then ${}^\bullet x = \{y \mid (y,x) \in F\}$ and $x^\bullet = \{y \mid (x,y) \in F\}$ are called the pre-set and post-set
of $x$, respectively; for all $t \in T$, we assume ${}^\bullet t, t^\bullet \neq \emptyset$. A marking $m$ is a multiset over $S$. A transition
$t \in T$ is enabled at marking $m$ if $s \in m$, for all $s \in {}^\bullet t$, in which case it can fire, written $m\,[t\rangle\,m'$, i.e., a
new marking $m' = (m \setminus {}^\bullet t) \cup t^\bullet$ is produced. We say that a net is marked whenever it has an initial
marking $m_0$. We denote by $[m_0\rangle$ the set of markings reachable from $m_0$ by a (finite) sequence of
firings.

We require that elements of initial markings have multiplicity one. This implies that $m_0$ is
actually a set, in agreement with the fact that pre-sets and post-sets in nets are sets, meaning that
they can only consume one token at a time from a given place. In typical P/T nets transitions may
consume many tokens from the same place, but this difference is inessential for the development of
our theory.

Running example. As a running example, we will use the marked net defined as follows: $S =
\{s_1, s_2\}$, $T = \{t_1, t_2, t_3\}$, $F$ includes $(s_i,t_i)$, $(s_i,t_3)$ (for $i = 1,2$) and symmetric pairs, and $l(t_1) =
l(t_2) = a$, $l(t_3) = b$. The initial marking is $m_0 = \{s_1, s_2\}$. This net is depicted below: circles denote
places, squares denote transitions, edges describe the flow relation, and filled circles indicate the
position of tokens in $m_0$. Notice that $[m_0\rangle = \{m_0\}$.



3. Causal semantics for Petri nets 

In this section we introduce our causal labeled semantics for nets. It will be in the form of a 
causal case graph (CG in short), that is a labeled transition graph whose states are markings with 
causal information and transitions represent firings. We start from a naive CG, derived from a given 
net in the simplest way, and then we give three subsequent refinements that will lead to a compact 
and, in some cases, finite-state CG. Throughout this section we fix a net $N = (S,T,F,l)$ and we
assume that an infinite set $\mathcal{E}$ of event names (or just events) is available.

The key idea is to equip markings with information about the occurrences of actions that led
to the creation of each token. An occurrence of a transition labeled by $a \in Act$ is represented as an
$Act$-labeled event $e_a$. Formally, a causal marking $c$ is a set of the form

$$\{K_1 \vdash s_1, \dots, K_n \vdash s_n\}$$

where $K_i \in \mathcal{P}_f(\mathcal{E} \times Act)$ is the set of causes of $s_i \in S$, for $i = 1,\dots,n$. More specifically, if $e_a \in K_i$
then the sequence of firings that generated the token includes a transition with action label $a$. We
write $\mathcal{K}(c)$ for $K_1 \cup \dots \cup K_n$ and $|c|$ for the underlying marking $\{s_1,\dots,s_n\}$ of $c$. Given a marking
$m$ and $K \in \mathcal{P}_f(\mathcal{E} \times Act)$, $K \vdash m$ is the causal marking obtained by assigning causes $K$ to each $s \in m$.

Transitions of our CGs will generate new events and their causal dependencies. In order to 
keep track of these data, we equip causal markings with Act-labeled posets, describing the causal 
relations between events which are occurrences of past actions. 

Definition 3.1 (P-marking). A P-marking is a pair $O \rhd c$, where $c$ is a causal marking and $O$ is a
finite $Act$-labeled poset on $\mathcal{E}$ such that: if $K \vdash s \in c$ then $K$ is down-closed w.r.t. $O$.

Down-closure requires each set of causes to contain the whole “history” of its events, as described
by $O$. Nevertheless, $O$ may contain events that are unrelated to or caused by those of $\mathcal{K}(c)$, but
that are not among them.

Posets will have different purposes in the different classes of CGs we are going to introduce: they 
will be used to record either all the events happened so far or the “most recent” ones. The shape 
of P-markings will not change, but there will be additional requirements on their components. 

We introduce a useful operation on P-markings. Their posets can be enlarged by adding events
on which existing events causally depend, but a closure operator must be applied, in order to
retain down-closure of sets of causes.

Definition 3.2 (Closure operator). Given $K \subseteq |O|$ and $O'$ such that $O$ is a subposet of $O'$, the
closure of $K$ w.r.t. $O'$ is given by

$$K\!\downarrow_{O'} \;=\; \bigcup_{x \in K} \{\, y \in |O'| \mid y \preceq_{O'} x \,\}$$

Its extension to causal markings is $(K \vdash s)\!\downarrow_{O'} = K\!\downarrow_{O'} \vdash s$ and acts element-wise on sets.

Given a P-marking $O \rhd c$ and $O' \supseteq O$, it can be easily verified that $O' \rhd c\!\downarrow_{O'}$ is a proper
P-marking.

3.1. Concrete CG 

The first step is deriving a CG from the net. Its states are P-markings $O \rhd c$ such that $O$
contains the whole history of past events and transition labels are of the form $K \vdash e_a$, meaning
that an $a$-labeled transition $t$ is fired: $e_a$ is an event fresh w.r.t. all the previous ones (i.e., those
in $O$) and $K$ is the set of most recent causes associated to tokens that enabled $t$. We call this CG
concrete because posets with the same structure but different event names are distinguished.
Definition 3.3 (Concrete CG). The concrete CG (CGc) is the smallest CG generated by the
following rule

$$\frac{t \in T \qquad |c| = {}^\bullet t \qquad a = l(t) \qquad e \in \mathcal{E} \setminus X_O \qquad K = \max\nolimits_O \mathcal{K}(c)}
{O \rhd c \cup c' \xrightarrow{K \vdash e_a} \delta(O,K,e_a) \rhd (\mathcal{K}(c) \cup \{e_a\} \vdash t^\bullet) \cup c'}$$

where $\max_O K$, for $K \subseteq |O|$, is the set of maximal elements in $K$ according to $O$, and $\delta(O,K,x) =
(O \cup (K \times \{x\}))^*$.


Given a P-marking, the rule above checks whether it includes a causal marking $c$ such that its
underlying marking is the pre-set of a transition $t$ ($|c| = {}^\bullet t$). If this is the case, $t$ is turned into a CG
transition whose label $K \vdash e_a$ is formed by the maximal causes $K$ of $c$ w.r.t. $O$ and by a labeled
event $e_a$, where $e$ does not occur in the source poset ($e \in \mathcal{E} \setminus X_O$). The target state is obtained by
replacing $c$ with the tokens produced by the firing, each equipped with the whole set of causes of
$c$ plus the new event $e_a$. Since $e_a$ is causally dependent on the causes of $c$, the poset in the target
state is updated with new pairs representing such dependencies by taking $\delta(O,K,e_a)$.

Note that event generation is similar to name generation in nominal calculi.¹ For instance, in a
π-calculus extrusion transition $(y)\bar{x}y.p \longrightarrow p[z/y]$ we observe a free name $x$ and a fresh name $z$, which
then becomes free in the continuation. Analogously, in a transition $O \rhd c \xrightarrow{K \vdash e_a} \delta(O,K,e_a) \rhd c'$
the elements of $K$ are “free” events, in the sense that they occur in $c$, and $e$ is a fresh one, which
is then added to the continuation. As in the π-calculus, event generation causes CGc to have
infinitely-many states and to be infinitely-branching, because there are infinitely-many transitions
and continuations from any state, differing only for the identity of the fresh event.


Remark 3.4. Even if initial markings are sets, firings may eventually produce a proper multiset, for
instance when a transition puts a token in a place $s$ that is already marked. Instead, our causal
markings are sets: they can never contain two occurrences of $K \vdash s$, for any $K$. In fact, suppose
the first of the described firings becomes a CG transition that goes to a P-marking including $K \vdash s$.
Then, since the second transition fires later, it will generate an event $e_a \notin K$ and a target P-marking
that includes both $K \vdash s$ and a new $K' \vdash s$ such that $e_a \in K'$, so $K \neq K'$.


Example 3.5. Figure 1 depicts some transitions of the CGc for the running example. It shows only
the reachable part from $\emptyset \rhd \emptyset \vdash m_0$, up to a certain depth. Each state has three kinds of outgoing
transitions, corresponding to the three net transitions. The figure only shows one transition for each
kind, but there are actually infinitely many ones, one for each fresh event.
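
The rule of Definition 3.3 applied to the running example, as an added Python example that is not code from the paper: it unfolds the CG with one fresh event per firing, and shows that posets gain one event per step while states reduced to their immediate causes fall into finitely many classes up to renaming. The encoding of posets as sets of pairs, the counter-based event names, the function names, and the immediate-causes projection (which follows the informal description in Table 1, not the formal Definition 3.17) are assumptions of this example.

```python
from itertools import permutations, product

# Running example (Section 2). F contains the symmetric pairs, so every
# transition puts a token back on each place it consumed from.
PRE = {"t1": ("s1",), "t2": ("s2",), "t3": ("s1", "s2")}
POST = PRE
LABEL = {"t1": "a", "t2": "a", "t3": "b"}

# A P-marking O > c is encoded as (order, marking): `order` holds the pairs
# (x, y) with x below-or-equal y in O (reflexive pairs included); `marking`
# holds tokens (K, s), K being the frozenset of causes of the token on s.
# Events are (name, action label) pairs.
INITIAL = (frozenset(), frozenset({(frozenset(), "s1"), (frozenset(), "s2")}))


def size(order):
    """Number of events of the poset (one reflexive pair per event)."""
    return sum(1 for x, y in order if x == y)


def maximal(K, order):
    """max_O K: the events of K with no other event of K above them."""
    return frozenset(x for x in K
                     if not any(x != y and (x, y) in order for y in K))


def firings(state):
    """Transitions of `state` by the rule of Definition 3.3.

    Yields (t, K, e, target). One fresh event is generated per firing,
    standing for the infinitely many admissible choices of e.
    """
    order, marking = state
    for t, pre in PRE.items():
        per_place = [[tok for tok in marking if tok[1] == s] for s in pre]
        for c in product(*per_place):        # sub-markings c with |c| = pre-set
            causes = frozenset().union(*(K for K, _ in c))     # K(c)
            K = maximal(causes, order)
            e = (size(order), LABEL[t])      # fresh: names 0..n-1 are taken
            # delta(O, K, e): add K x {e} and close transitively. e is a new
            # top element, so it is enough to put it above everything below K.
            below_K = {(y, e) for (y, z) in order if z in K}
            new_order = frozenset(order | below_K | {(e, e)})
            produced = {(causes | {e}, s) for s in POST[t]}
            yield t, K, e, (new_order, (marking - set(c)) | produced)


def immediate_causes(state):
    """Keep only the maximal causes of each token, up to event renaming."""
    order, marking = state
    tokens = [(maximal(K, order), s) for K, s in marking]
    events = sorted(frozenset().union(*(K for K, _ in tokens)))
    best = None
    for perm in permutations(range(len(events))):   # all label-preserving renamings
        name = {ev: (i, ev[1]) for ev, i in zip(events, perm)}
        form = (
            tuple(sorted((name[x], name[y]) for x, y in order
                         if x in name and y in name)),
            tuple(sorted((tuple(sorted(name[x] for x in K)), s)
                         for K, s in tokens)),
        )
        if best is None or form < best:
            best = form
    return best


def explore(depth):
    """Unfold to `depth` firings: (largest poset size, immediate-cause classes)."""
    frontier, classes, largest = {INITIAL}, set(), 0
    for _ in range(depth + 1):
        for st in frontier:
            classes.add(immediate_causes(st))
            largest = max(largest, size(st[0]))
        frontier = {tgt for st in frontier for _, _, _, tgt in firings(st)}
    return largest, classes


if __name__ == "__main__":
    for d in (1, 2, 5):
        largest, classes = explore(d)
        print(f"depth {d}: posets up to {largest} events, "
              f"{len(classes)} immediate-cause classes")
```

Unfolding to depth 5 reaches posets with 5 events but only 7 immediate-cause classes, all of which already appear at depth 2.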


We now introduce bisimulations for CGc.


Definition 3.6 (Concrete causal bisimulation). A concrete causal bisimulation (C-bisimulation in
short) is a family of relations $\{R_O\}$ on P-markings, indexed by $Act$-labeled posets, such that:

• whenever $(O_1 \rhd c_1, O_2 \rhd c_2) \in R_O$ then $O_1 = O_2 = O$;

• whenever $(O \rhd c_1, O \rhd c_2) \in R_O$ and $O \rhd c_1 \xrightarrow{K \vdash e_a} O' \rhd c_1'$ then $O \rhd c_2 \xrightarrow{K \vdash e_a} O' \rhd c_2'$ and
$(O' \rhd c_1', O' \rhd c_2') \in R_{O'}$ (and viceversa).

The concrete causal bisimilarity is the greatest such family and is denoted by $\sim_c$.


¹ The relationship between π-calculus and causality has been investigated in Q.











[Figure 1: CGc for the running example (initial fragment).]
3.2. Abstract CG

We now introduce an abstract CG, where we only take posets up to isomorphism. We write $[O]_{\cong}$
for the isomorphism representative of $O$, and we call it abstract poset. We call abstract a P-marking
of the form $[O]_{\cong} \rhd c$.

Given an abstract poset $O$, $K \subseteq |O|$ and $a \in Act$, we assume the following operations:

• $\delta(O,K,a)$, generating $[\delta(O,K,e_a)]_{\cong}$, for any $e_a$; the actual identity of $e_a$ is not relevant,
because of the quotient up to isomorphism;

• $\mathit{new}(O,K,a)$, giving the unique new event in $\delta(O,K,a)$;

• the morphism $\mathit{old}(O,K,a)$, embedding $O$ into $\delta(O,K,a)$.

These operations can be used to define the extension of $\sigma : O \to O'$ (with $O$, $O'$ abstract posets) to
a morphism $\sigma^+_{K,a} : \delta(O,K,a) \to \delta(O',\sigma(K),a)$ given by

$$\sigma^+_{K,a}(x) = \begin{cases} \mathit{new}(O',\sigma(K),a) & x = \mathit{new}(O,K,a) \\ \mathit{old}(O',\sigma(K),a)(\sigma(y)) & x = \mathit{old}(O,K,a)(y) \end{cases}$$

The intuition is that $\sigma^+_{K,a}$ does not mix up old and new events: it acts “as” $\sigma$ (modulo suitable
embeddings) on events that were already in $O$, and maps the new event in $\delta(O,K,a)$ to the new
one in $\delta(O',\sigma(K),a)$. To ease notation, we will just write $\sigma^+$ when $K$ and $a$ are clear from the
context.

Example 3.7. Suppose $O_1 = \{x_a, x'_b\}$ and $O_2 = \{y_a, y'_b, y''\}$ are discrete abstract posets, and let
$\sigma : O_1 \to O_2$ map $x_a$ to $y_a$ and $x'_b$ to $y'_b$. Let $x_z$ (resp. $y_z$) be the image of $x_z$ via $\mathit{old}(O,\{x_a,x'_b\},d)$
(resp. via $\mathit{old}(O',\{y_a,y'_b\},d)$), for $z \in \{a,b\}$. Then we have

[Diagrams of $\delta(O_1,\{x_a,x'_b\},d)$, with new event $\mathit{new}(O_1,\{x_a,x'_b\},d)$, and of $\delta(O_2,\{y_a,y'_b\},d)$, with new event $\mathit{new}(O_2,\{y_a,y'_b\},d)$.]

where arrows represent ordered pairs (reflexive pairs are omitted). Then $\sigma^+ : \delta(O_1,\{x_a,x'_b\},d) \to
\delta(O_2,\{y_a,y'_b\},d)$ maps $x_a$ to $y_a$, $x'_b$ to $y'_b$ and $\mathit{new}(O_1,\{x_a,x'_b\},d)$ to $\mathit{new}(O_2,\{y_a,y'_b\},d)$.

We now introduce the abstract CG. Its states are abstract P-markings and its labels have the
form $K \vdash a$. Labels have the same meaning as in CGc, but here there is no need to observe the
generated event: it will always be $\mathit{new}(O,K,a)$, if $O$ is the source P-marking’s poset.

In order to translate concrete P-markings, and their transitions, to their abstract counterparts
in CGac, we fix an abstraction isomorphism $\alpha_O : O \to [O]_{\cong}$, for each poset $O$, giving a canonical
representative of each event in $O$. In the following we write $\|x\|_O$ for the “abstract version” of
$x$, namely $x\alpha_O$. We also introduce an operation $\|c\|_{O,K,e_a}$. It will be applied to causal markings $c$
appearing in continuations of transitions of CGc, namely those P-markings of the form $\delta(O,K,e_a) \rhd
c$. Intuitively, given a transition in CGc, the operation $\|{-}\|_{O,K,e_a}$ applies the abstraction isomorphism
of the source P-marking to its continuation, so that events of source and continuation are consistent
with each other and the fresh event generated by the transition always becomes the canonical new
one. Formally, $\|c\|_{O,K,e_a}$ is defined as follows: events in $O$ are mapped via $\alpha_O$ and then embedded
into $[\delta(O,K,e_a)]_{\cong}$ via $\mathit{old}([O]_{\cong},\|K\|_O,a)$ (notice that $[\delta(O,K,e_a)]_{\cong} = \delta([O]_{\cong},\|K\|_O,a)$, because
they are isomorphic); and $e_a$ is embedded into $[\delta(O,K,e_a)]_{\cong}$ as $\mathit{new}([O]_{\cong},\|K\|_O,a)$.
Definition 3.8 (abstract CG). The abstract CG (CGac) is the smallest CG generated by the
following rule

$$\frac{O \rhd c \xrightarrow{K \vdash e_a} \delta(O,K,e_a) \rhd c'}
{[O]_{\cong} \rhd \|c\|_O \xRightarrow{\|K\|_O \vdash a} \delta([O]_{\cong},\|K\|_O,a) \rhd \|c'\|_{O,K,e_a}}$$

The most important fact to notice is that CGac is finitely branching. In fact, even if there are
infinitely-many concrete P-markings that generate the transitions of an abstract P-marking $O \rhd c$,
they are all isomorphic. To see this, take any two P-markings $O_1 \rhd c_1$ and $O_2 \rhd c_2$ such that
$\|c_1\|_{O_1} = \|c_2\|_{O_2} = c$. Then we have $c = c_1\alpha_{O_1} = c_2\alpha_{O_2}$ so $c_2 = c_1\sigma$, where $\sigma$ is the isomorphism
$\alpha_{O_2}^{-1} \circ \alpha_{O_1}$. The following lemma states the correspondence between transitions of such P-markings.

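Lemma 3.9. Let $\sigma : O_1 \to O_2$ be an isomorphism. Then $O_1 \rhd c_1 \xrightarrow{K \vdash e_a} \delta(O_1,K,e_a) \rhd c_1'$ if and only
if $O_2 \rhd c_1\sigma \xrightarrow{\sigma(K) \vdash e'_a} \delta(O_2,\sigma(K),e'_a) \rhd c_1'\sigma[e'_a/e_a]$, for any $e' \notin X_{O_2}$.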


If we take any two transitions of $O_1 \rhd c_1$ and $O_2 \rhd c_2$ that correspond by this lemma, and we
apply the rule in Definition 3.8 to them, it can be easily verified that we get the same transition,
no matter the choice of $e_a$ and $e'_a$. Therefore, all the infinitely-many P-markings whose abstract
version is $O \rhd c$ generate precisely the same transitions of $O \rhd c$, and transitions that differ for the
choice of the fresh event are all identified. This means that CGac is finitely-branching.

There is again a similarity with the π-calculus. A well-known technique to make the π-calculus
LTS finitely-branching is to only take α-equivalence representatives. For instance, if $(y)\bar{x}y.p$ is
such a representative, then the transition $(y)\bar{x}y.p \xrightarrow{\bar{x}(y)} p$ is enough to represent all the analogous
transitions from α-equivalent processes. We can also omit $y$ from the label, because its identity
uniquely depends on the free names of $(y)\bar{x}y.p$. This is similar to the presentation of the π-calculus
using abstraction and concretion operators [23, 4.3.1]. Here a transition from $(y)\bar{x}y.p$ is labeled by
$\bar{x}$ and goes to the concretion $(\nu y)p$, where $y$ is bound. Incidentally, this presentation naturally arises
from the coalgebraic semantics of the π-calculus 0 , and its implementation in logical frameworks.


Example 3.10. The CGac for the running example can be represented again by Figure 1. If we
assume that depicted posets are abstract (i.e., translation maps from concrete to abstract posets 
are identities) then, in order to get a CGac, we just have to remove the universal quantification 
over events, and also remove the generated event from the label. The result is a finitely-branching 
CG, where each state has only one transition for each net transition. The state-space is still infinite, 
because posets keep growing along transitions. 


Definition 3.11 (Abstract causal bisimilarity). An abstract causal bisimulation (AC-bisimulation
in short) is a family of relations $\{R_O\}$, indexed by abstract posets, such that:

• whenever $(O_1 \rhd c_1, O_2 \rhd c_2) \in R_O$ then $O_1 = O_2 = O$;

• whenever $(O \rhd c_1, O \rhd c_2) \in R_O$ and $O \rhd c_1 \xRightarrow{K \vdash a} O' \rhd c_1'$ then $O \rhd c_2 \xRightarrow{K \vdash a} O' \rhd c_2'$ and
$(O' \rhd c_1', O' \rhd c_2') \in R_{O'}$ (and viceversa).


The greatest such relation is denoted by $\sim_{ac}$.


We have the following correspondence between $\sim_c$ and $\sim_{ac}$.

Figure 2: Example net.


Theorem 3.12. Let $O \rhd c_1$ and $O \rhd c_2$ be (concrete) P-markings. Then $O \rhd c_1 \sim_c O \rhd c_2$ if and
only if $[O]_{\cong} \rhd \|c_1\|_O \sim_{ac} [O]_{\cong} \rhd \|c_2\|_O$.

We list some closure properties, which will be important in the following. 

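Proposition 3.13. Transitions of CG$_{AC}$ are preserved and reflected by order-embeddings $\sigma: O \to O'$, that is:

(i) If $O \triangleright c \overset{K \vdash a}{\Longrightarrow} \delta(O,K,a) \triangleright c'$ then $O' \triangleright (c\sigma)\downarrow_{O'} \overset{\sigma(K) \vdash a}{\Longrightarrow} \delta(O',\sigma(K),a) \triangleright (c'\sigma^+)\downarrow_{\delta(O',\sigma(K),a)}$ (preservation);

(ii) If $O' \triangleright (c\sigma)\downarrow_{O'} \overset{K' \vdash a}{\Longrightarrow} \delta(O',K',a) \triangleright c'$ then there are $K$ and $c''$ such that $\sigma(K) = K'$, $(c''\sigma^+)\downarrow_{\delta(O',K',a)} = c'$ and $O \triangleright c \overset{K \vdash a}{\Longrightarrow} \delta(O,K,a) \triangleright c''$ (reflection).

The definitions of preservation and reflection are quite involved, due to the presence of event generation and the need of applying the closure operator to compute proper continuations. We will see that the categorical counterparts of these properties will be remarkably simpler.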

Example 3.14. We motivate the requirement of order-reflection by showing that transitions of CG$_{AC}$ are not reflected by functions without such property.

Consider the marked net of Figure 2. We can derive its CG$_{AC}$ as shown for the running example. In it, from the initial P-marking $\emptyset \triangleright \{\emptyset \vdash s_1, \emptyset \vdash s_2\}$ we can reach the transition

$$\{e_a, e'_b\} \triangleright \{\{e_a\} \vdash r_1, \{e'_b\} \vdash r_2\} \overset{\{e_a, e'_b\} \vdash c}{\Longrightarrow} \{e_a < e_c, e'_b < e_c\} \triangleright \{\{e_a, e'_b, e_c\} \vdash s_3\}$$

Consider the function $\sigma: \{e_a, e'_b\} \to \{e_a < e'_b\}$, mapping events to themselves. Clearly $\sigma$ does not reflect posets. If we apply $\sigma$ and then $\downarrow_{\{e_a < e'_b\}}$ to the source P-marking we get

$$\{e_a < e'_b\} \triangleright \{\{e_a\} \vdash r_1, \{e_a, e'_b\} \vdash r_2\}$$

but its $c$ transition is

$$\{e_a < e'_b\} \triangleright \{\{e_a\} \vdash r_1, \{e_a, e'_b\} \vdash r_2\} \overset{\{e'_b\} \vdash c}{\Longrightarrow} \{e_a < e'_b < e''_c\} \triangleright \{\{e_a, e'_b, e''_c\} \vdash s_3\}$$

because only $e'_b$ is maximal. However, this transition cannot be obtained from the one of $\{e_a, e'_b\} \triangleright \{\{e_a\} \vdash r_1, \{e'_b\} \vdash r_2\}$ via an application of $\sigma$.

The following theorem is a consequence of Proposition 3.13.

Theorem 3.15. $\sim_{AC}$ is closed under order-embeddings. Explicitly: for all order-embeddings $\sigma: O \to O'$, we have $O \triangleright c \sim_{AC} O \triangleright c'$ if and only if $O' \triangleright (c\sigma)\downarrow_{O'} \sim_{AC} O' \triangleright (c'\sigma)\downarrow_{O'}$.














3.3. Immediate causes CG 

We now introduce a further refinement of CG$_{AC}$, called immediate causes CG (CG$_{IC}$): we keep only immediate causes, i.e., causes that are maximal w.r.t. at least one of the tokens, and we identify isomorphic states. Immediate causes of a causal marking w.r.t. a poset $O$ are given by

$$ic_O(K \vdash s) = \max\nolimits_O(K) \qquad ic_O(c_1 \cup c_2) = ic_O(c_1) \cup ic_O(c_2)$$

We define isomorphism of P-markings as follows: $O \triangleright c \cong O' \triangleright c'$ if and only if there is an isomorphism $\sigma: O \to O'$ such that $c\sigma = c'$. We denote by $[O \triangleright c]_{\cong}$ a chosen representative for the isomorphism class of $O \triangleright c$.

Definition 3.16 (Minimal P-marking). A minimal P-marking $O \blacktriangleright c$ is an abstract P-marking such that:


• $|O| = \mathcal{K}(c)$;

• for each $K \vdash s \in c$, $K \subseteq ic_O(c)$;

• it is a canonical isomorphism representative, i.e., $O \blacktriangleright c = [O \triangleright c]_{\cong}$.


Consider an abstract P-marking $O \triangleright c$. In order to compute the corresponding minimal P-marking $\lceil O \triangleright c \rceil$, we first take immediate causes for each token. Then, since the resulting P-marking may not be abstract, we take its canonical isomorphism representative. Formally, let $O_I$ be $O$ restricted to $ic_O(c)$, then

$$\lceil O \triangleright c \rceil = [O_I \triangleright norm_{O_I}(c)]_{\cong}$$

where $norm_{O_I}(K \vdash s) = K \cap |O_I| \vdash s$ and has an element-wise action on sets. We denote by $(O \triangleright c)$ the map $[O_I]_{\cong} \to O$ obtained by composing a chosen isomorphism $[O_I]_{\cong} \to O_I$ and the embedding $O_I \hookrightarrow O$.


Definition 3.17 (Immediate causes CG). The immediate causes CG (CG$_{IC}$) is the smallest CG generated by the following rule

$$\frac{O \blacktriangleright c \overset{K \vdash a}{\Longrightarrow} O' \triangleright c'}{O \blacktriangleright c \underset{(O' \triangleright c')}{\overset{K \vdash a}{\Longrightarrow}} \lceil O' \triangleright c' \rceil}$$

This rule relies on the fact that minimal P-markings are also ordinary ones, so it takes the transition in CG$_{AC}$ from a minimal P-marking, replaces the continuation $O' \triangleright c'$ with its minimal version $\lceil O' \triangleright c' \rceil$ and, in order to keep track of the original identity of events, equips the transition with a history map $(O' \triangleright c')$, mapping canonical events to the original ones. In particular, the one with image $new(O,K,a)$ is the fresh event generated by the original transition.

The CG$_{IC}$ has a finite state-space in many cases. We give a sufficient condition on the net from which the CG$_{IC}$ is generated.


Proposition 3.18. Given a net $N$ with initial marking $m_0$, if $[m_0\rangle$ is finite then the corresponding CG$_{IC}$, reachable from $\emptyset \blacktriangleright \emptyset \vdash m_0$, has a finite state-space.

Example 3.19. In order to derive a CG$_{IC}$ for the running example, we take the P-markings of Figure 1 and we compute their minimal versions. For instance, taking immediate causes and then the canonical representative turns

$$\{e_b < e'_b\} \triangleright \{\{e_b, e'_b\} \vdash s_1, \{e_b, e'_b\} \vdash s_2\}$$

into

$$\{e_b\} \blacktriangleright \{\{e_b\} \vdash s_1, \{e_b\} \vdash s_2\}$$

because we assumed that $\{e_b\}$ is an abstract poset. Notice that the resulting P-marking is already in Figure 1. This is a crucial fact: minimization identifies many states and in some cases it even produces a finite state-space, as stated in Proposition 3.18. This is indeed the case for the running example.

Figure 3 shows the part of the running example’s CG$_{IC}$ that is reachable from $\{e_b\} \blacktriangleright \{\{e_b\} \vdash s_1, \{e_b\} \vdash s_2\}$. Most history maps are irrelevant, so they are omitted. Notice that in the CG$_{AC}$, from this P-marking, there are infinitely many transitions with action $b$. These all become a single loop over the same P-marking in the CG$_{IC}$; the associated history map $h_1$ tells that $e_b$, after the transition, represents the most recent event, and that the previous event is discarded. Analogously for the two loops over $\{e_a, e'_a\} \blacktriangleright \{\{e_a\} \vdash s_1, \{e'_a\} \vdash s_2\}$. The interesting fact to notice is that our definition of $h_2$ and $h_3$ is not the only possible one. For instance, we could exchange the images of $e_a$ and $e'_a$ in the definition of $h_2$. This is due to the fact that $\{e_a, e'_a\}$ has an automorphism that swaps $e_a$ and $e'_a$.

Remark 3.20. The generation of the CG$_{IC}$ from a net has been performed in two steps for the sake of
clarity, but we can easily imagine an algorithm that performs it in a single step and incrementally. 
Given any P-marking, this is turned into a minimal one by taking immediate causes and then 
its canonical representative. Then outgoing transitions are computed from this P-marking, and 
the algorithm is applied to their continuations. Notice that minimizing a P-marking may yield a 
previously computed one: in this case the algorithm is not reapplied on that P-marking. 
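The minimization step used in Definition 3.16, Example 3.19 and Remark 3.20 can be sketched as follows. This is an added example, not code from the paper: the data layout, the function names and the brute-force choice of canonical representative (smallest encoding over all renamings of events to 0..n-1) are assumptions made here for illustration.

```python
from itertools import permutations

# A P-marking is a triple (labels, order, marking):
#   labels : dict event -> action label
#   order  : set of pairs (x, y) meaning x < y, transitively closed
#   marking: list of tokens (K, place), K being the set of causes of the token

def maximal(order, K):
    """max_O(K): the events of K that lie below no other event of K."""
    return {x for x in K if not any((x, y) in order for y in K)}

def immediate_causes(order, marking):
    """ic_O(c): union of max_O(K) over all tokens K |- s of c."""
    ic = set()
    for K, _place in marking:
        ic |= maximal(order, K)
    return ic

def restrict(labels, order, marking):
    """O_I is O restricted to ic_O(c); every token keeps only K ∩ |O_I|."""
    keep = immediate_causes(order, marking)
    return ({e: a for e, a in labels.items() if e in keep},
            {(x, y) for x, y in order if x in keep and y in keep},
            [(frozenset(K) & keep, s) for K, s in marking])

def canonical(labels, order, marking):
    """Assumed canonical representative of the isomorphism class.

    Events are renamed to 0..n-1 in every possible way and the smallest
    encoding wins. Returns (encoding, history), where history maps each
    canonical event back to the original event it stands for.
    """
    events = sorted(labels)
    best = None
    for perm in permutations(range(len(events))):
        ren = dict(zip(events, perm))
        enc = (tuple(sorted((ren[e], labels[e]) for e in events)),
               tuple(sorted((ren[x], ren[y]) for x, y in order)),
               tuple(sorted((tuple(sorted(ren[e] for e in K)), s)
                            for K, s in marking)))
        if best is None or enc < best[0]:
            best = (enc, {i: e for e, i in ren.items()})
    return best

def minimal(labels, order, marking):
    """Minimal P-marking: immediate causes first, canonical form second."""
    return canonical(*restrict(labels, order, marking))

def chain(n):
    """Constructed input: e0 < e1 < ... < e(n-1), all labelled b,
    with one token in s1 and one in s2, both caused by every event."""
    ev = [f"e{i}" for i in range(n)]
    order = {(ev[i], ev[j]) for i in range(n) for j in range(i + 1, n)}
    return ({e: "b" for e in ev}, order,
            [(frozenset(ev), "s1"), (frozenset(ev), "s2")])

if __name__ == "__main__":
    for n in (1, 2, 5):
        print(n, minimal(*chain(n)))
```

Chains of any length collapse to the same one-event encoding, which is why the infinitely many b-transitions of the CG$_{AC}$ become a single loop; the returned history map records which original event the surviving canonical event represents.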

The notion of bisimilarity for CG$_{IC}$ is more involved: while, given two P-markings, we may find a common poset for them (if any), which enables them to be compared w.r.t. $\sim_{AC}$, this is not always possible for posets of minimal P-markings. In other words, events in ordinary P-markings have a global identity, while those in minimal P-markings have a local identity. Therefore, we need to introduce an explicit correspondence between them. This correspondence can be a partial function, because some events may not be observable.

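Figure 3: CG$_{IC}$ for the running example. The history maps shown in the figure have the form $h_1: \{e_b\} \to \{e_b < e'_b\}$, $h_2: \{e_a, e'_a\} \to \{e_a < e''_a, e'_a\}$ and $h_3: \{e_a, e'_a\} \to \{e_a, e'_a < e''_a\}$.

Definition 3.21 (Immediate causes bisimilarity). An immediate causes bisimulation $R$ (IC-bisimulation in short) is a ternary relation such that, whenever $(O_1 \blacktriangleright c_1, \sigma, O_2 \blacktriangleright c_2) \in R$:

• $\sigma$ is a partial isomorphism (i.e., an isomorphism between subposets) from $O_1$ to $O_2$;

• if $O_1 \blacktriangleright c_1 \underset{h_1}{\overset{K \vdash a}{\Longrightarrow}} O'_1 \blacktriangleright c'_1$ then $\sigma$ is defined on $K$, and there are $O_2 \blacktriangleright c_2 \underset{h_2}{\overset{\sigma(K) \vdash a}{\Longrightarrow}} O'_2 \blacktriangleright c'_2$ and $\sigma'$ such that $(O'_1 \blacktriangleright c'_1, \sigma', O'_2 \blacktriangleright c'_2) \in R$ and the following diagram commutes

$$\begin{array}{ccc} O'_1 & \xrightarrow{\;h_1\;} & \delta(O_1,K,a) \\ {\scriptstyle\sigma'}\downarrow & & \downarrow{\scriptstyle\sigma^+} \\ O'_2 & \xrightarrow{\;h_2\;} & \delta(O_2,\sigma(K),a) \end{array}$$

• if $O_2 \blacktriangleright c_2 \underset{h_2}{\overset{K \vdash a}{\Longrightarrow}} O'_2 \blacktriangleright c'_2$ then $\sigma$ is defined on $K$, and there are $O_1 \blacktriangleright c_1 \underset{h_1}{\Longrightarrow} O'_1 \blacktriangleright c'_1$ and $\sigma'$ as in the previous item.

The greatest such bisimulation is denoted $\sim_{IC}$. We write $O_1 \blacktriangleright c_1 \sim^{\sigma}_{IC} O_2 \blacktriangleright c_2$ to mean $(O_1 \blacktriangleright c_1, \sigma, O_2 \blacktriangleright c_2) \in \sim_{IC}$.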

The commuting diagram essentially says that $\sigma'$ should never map old events to new ones (or viceversa). More precisely, given $x \in |O'_1|$, we have two cases:

• $h_1(x) = new(O_1,K,a)$, then, by definition, $h_1(x)$ is mapped by $\sigma^+$ to $new(O_2,\sigma(K),a)$, so $\sigma'(x) = y$ such that $h_2(y) = new(O_2,\sigma(K),a)$;

• $h_1(x) = old(O_1,K,a)(x')$, for some $x'$, then $h_1(x)$ is mapped by $\sigma^+$ to $old(O_2,\sigma(K),a)(\sigma(x'))$, so $\sigma'(x) = y$ such that $h_2(y) = old(O_2,\sigma(K),a)(\sigma(x'))$.





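We have the following correspondence between $\sim_{IC}$ and $\sim_{AC}$.

Theorem 3.22. $\sim_{IC}$ is fully abstract w.r.t. $\sim_{AC}$ in the following sense:

(i) If $O \triangleright c_1 \sim_{AC} O \triangleright c_2$ then $\lceil O \triangleright c_1 \rceil \sim_{IC} \lceil O \triangleright c_2 \rceil$;

(ii) If $O_1 \blacktriangleright c_1 \sim^{\sigma}_{IC} O_2 \blacktriangleright c_2$ then for all $O \triangleright c_1$ and $O \triangleright c_2$ such that:

(a) $\lceil O \triangleright c_1 \rceil = O_1 \blacktriangleright c_1$ and $\lceil O \triangleright c_2 \rceil = O_2 \blacktriangleright c_2$;

(b) $(O \triangleright c_1)|_{dom(\sigma)} = (O \triangleright c_2) \circ \sigma$;

we have $O \triangleright c_1 \sim_{AC} O \triangleright c_2$.


Statement (i) is self-explanatory. Statement (ii) says that if we have two equivalent minimal P-markings $O_1 \blacktriangleright c_1 \sim^{\sigma}_{IC} O_2 \blacktriangleright c_2$ and we take any two P-markings $O \triangleright c_1$ and $O \triangleright c_2$ whose minimal versions are $O_1 \blacktriangleright c_1$ and $O_2 \blacktriangleright c_2$ respectively ((ii)(a)), these are equivalent provided that local events matched by $\sigma$ have the same global interpretation as events of $O$ ((ii)(b)).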


3.4. Immediate causes CG with symmetries

The final step is to introduce symmetries over states of CG. Given an abstract poset $O$, a symmetry over $O$ is a set $\Phi$ of automorphisms $O \to O$ (called just permutations hereafter) such that $id \in \Phi$ and it is closed under composition. This section is an adaptation of the work in [21], [19] on the set-theoretic version of HD-automata for the π-calculus.

We now motivate the introduction of symmetries. We say that two CG$_{IC}$s are isomorphic when there is a bijective correspondence $\omega$ between their P-markings and, for each P-marking $O \blacktriangleright c$ of the former such that $\omega(O \blacktriangleright c) = O' \blacktriangleright c'$, transitions from $O' \blacktriangleright c'$ can be obtained from those of $O \blacktriangleright c$ via an isomorphism. In the case of ordinary labeled transition systems (LTSs), one can compute minimal versions w.r.t. bisimilarity, where all bisimilar states have been identified. Bisimilar LTSs have isomorphic minimal versions, so we may use any of them as canonical representative of the class of bisimilar LTSs. This cannot be done for CG$_{IC}$s, because of the following fact.


Proposition 3.23. There are minimal CG$_{IC}$s that are $\sim_{IC}$-bisimilar but not isomorphic.


Example 3.24. Consider the P-marking $\{e_a, e'_a\} \blacktriangleright \{\{e_a\} \vdash s_1, \{e'_a\} \vdash s_2\}$ of Example 3.19 and its looping transitions. Take another P-marking $\{e_a, e'_a\} \blacktriangleright \{\{e_a\} \vdash s'_1, \{e'_a\} \vdash s'_2\}$ with the following transitions

[Diagram: two loops over $\{e_a, e'_a\} \blacktriangleright \{\{e_a\} \vdash s'_1, \{e'_a\} \vdash s'_2\}$, labelled $\{e_a\} \vdash a$ and $\{e'_a\} \vdash a$, with history maps $h_4: \{e_a, e'_a\} \to \{e_a < e''_a, e'_a\}$ and $h_5: \{e_a, e'_a\} \to \{e_a, e'_a < e''_a\}$.]

Notice that we have $h_4 = h_2$ and $h_5 = h_3 \circ \phi$, where $\phi$ switches $e_a$ and $e'_a$.

Suppose we want to find a minimal realization of these CGs. They are not isomorphic, in the sense that there is no permutation on $\{e_a, e'_a\}$ that, applied to labels and composed with history maps, turns transitions of the former CG into those of the latter. However, we have

$$\{e_a, e'_a\} \blacktriangleright \{\{e_a\} \vdash s_1, \{e'_a\} \vdash s_2\} \;\sim^{\phi}_{IC}\; \{e_a, e'_a\} \blacktriangleright \{\{e_a\} \vdash s'_1, \{e'_a\} \vdash s'_2\},$$

so these states should be identified in some way. This way is provided by symmetries: minimal behavior, according to $\sim_{ICS}$, is invariant under $\phi$, so we can identify those P-markings, provided that the resulting state is annotated with $\phi$ and possibly other permutations that fix the state.

The same argument applies when considering versions of the same CG$_{IC}$ that only differ for the choice of history maps: if $s'_1 = s_1$ and $s'_2 = s_2$ in the P-marking $\{e_a, e'_a\} \blacktriangleright \{\{e_a\} \vdash s'_1, \{e'_a\} \vdash s'_2\}$ above, then the P-marking $\{e_a, e'_a\} \blacktriangleright \{\{e_a\} \vdash s_1, \{e'_a\} \vdash s_2\}$ is bisimilar to itself under the permutation $\phi$. This has a practical consequence: when constructing the CG$_{IC}$ for a given net, one should not spend computational effort in computing the “right” history maps, because the choice of history maps does not affect bisimilarity and thus minimal models.

Definition 3.25 (Minimal P-marking with symmetry). A minimal P-marking with symmetry is a triple $O \blacktriangleright_{\Phi} c$, where $O \blacktriangleright c$ is a minimal P-marking and $\Phi$ is a symmetry over $O$ such that $c\phi = c$, for all $\phi \in \Phi$.

Symmetries allow us to remove some transitions from CG$_{IC}$: we can only take one representative transition among all the symmetric ones, i.e., those whose observable causes and history maps only differ for some permutations in the symmetries of source and target states.

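Definition 3.26 (Symmetric transitions). Given $O \blacktriangleright_{\Phi} c$, $O' \blacktriangleright_{\Phi'} c'$ and two transitions

$$O \blacktriangleright c \underset{h_1}{\overset{K_1 \vdash a}{\Longrightarrow}} O' \blacktriangleright c' \qquad O \blacktriangleright c \underset{h_2}{\overset{K_2 \vdash a}{\Longrightarrow}} O' \blacktriangleright c'$$

they are symmetric if and only if there are $\phi \in \Phi$ and $\phi' \in \Phi'$ such that $K_2 = \phi(K_1)$ and the following diagram commutes

$$\begin{array}{ccc} O' & \xrightarrow{\;h_1\;} & \delta(O,K_1,a) \\ {\scriptstyle\phi'}\downarrow & & \downarrow{\scriptstyle\phi^+} \\ O' & \xrightarrow{\;h_2\;} & \delta(O,K_2,a) \end{array}$$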

We write and (hi) for a canonical choice of I\ and h among those of all the symmetric transitions. 
Actually depends on the considered symmetries $ and but they are omitted to simplify 
notation: they will always be clear from the context. 

Definition 3.27 (CG$_{ICS}$). The CG$_{IC}$ with symmetries (CG$_{ICS}$) is the smallest CG generated by the following rule

0 + c\^0' + c' 

h 

O ►$ c > O' d 

m 

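The notion of bisimulation is analogous to IC-bisimulation. However, P-markings are required to simulate each other only up to symmetries. More specifically, when comparing $O_1 \blacktriangleright_{\Phi_1} c_1$ and $O_2 \blacktriangleright_{\Phi_2} c_2$ under a mediating map $\sigma$, for each permutation in $\Phi_1$ and each transition of the first P-marking, we have to find a permutation in $\Phi_2$ and a transition of the second P-marking. The correspondence between observable causes and between history maps must be as in IC-bisimulations, but the action of mediating maps is changed according to the considered permutations.

Definition 3.28 (Immediate causes bisimulation with symmetries). An immediate causes bisimulation with symmetries $R$ (ICS-bisimulation in short) is a ternary relation such that, whenever $(O_1 \blacktriangleright_{\Phi_1} c_1, \sigma, O_2 \blacktriangleright_{\Phi_2} c_2) \in R$:

• $\sigma$ is a partial isomorphism from $O_1$ to $O_2$;

• for each $\phi_1 \in \Phi_1$ and $O_1 \blacktriangleright_{\Phi_1} c_1 \underset{h_1}{\overset{K_1 \vdash a}{\Longrightarrow}} O'_1 \blacktriangleright_{\Phi'_1} c'_1$, $\sigma$ is defined on $\phi_1(K_1)$ and there are $\phi_2 \in \Phi_2$ and $O_2 \blacktriangleright_{\Phi_2} c_2 \underset{h_2}{\overset{K_2 \vdash a}{\Longrightarrow}} O'_2 \blacktriangleright_{\Phi'_2} c'_2$ such that:

  - $K_2 = \gamma(K_1)$, for $\gamma = \phi_2^{-1} \circ \sigma \circ \phi_1$;

  - there is $\sigma'$ such that $(O'_1 \blacktriangleright_{\Phi'_1} c'_1, \sigma', O'_2 \blacktriangleright_{\Phi'_2} c'_2) \in R$ and the following diagram commutes

$$\begin{array}{ccc} O'_1 & \xrightarrow{\;h_1\;} & \delta(O_1,K_1,a) \\ {\scriptstyle\sigma'}\downarrow & & \downarrow{\scriptstyle\gamma^+} \\ O'_2 & \xrightarrow{\;h_2\;} & \delta(O_2,K_2,a) \end{array}$$

(and viceversa)

The greatest such relation is denoted $\sim_{ICS}$ and we write $O_1 \blacktriangleright_{\Phi_1} c_1 \sim^{\sigma}_{ICS} O_2 \blacktriangleright_{\Phi_2} c_2$ whenever $(O_1 \blacktriangleright_{\Phi_1} c_1, \sigma, O_2 \blacktriangleright_{\Phi_2} c_2) \in \sim_{ICS}$.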

As mentioned, symmetries allow computing minimal realizations, where all bisimilar P-markings are identified. More precisely, we can identify $\sim_{ICS}$-equivalent P-markings, namely $O_1 \blacktriangleright_{\Phi_1} c_1$ and $O_2 \blacktriangleright_{\Phi_2} c_2$ that are related by $\sim^{\sigma}_{ICS}$, for some $\sigma$. Then $\sigma$ becomes part of the state symmetry. Actually, $\sigma$ is a permutation between subposets of $O_1$ and $O_2$, but it can be shown that all $\sim_{ICS}$-equivalent P-markings have the same poset of observable events on which $\sigma$ is defined. This means that $\sigma$ is indeed a permutation on that poset.

Definition 3.29 (Minimal CG$_{ICS}$). The minimal CG$_{ICS}$ is defined as follows:

• states are canonical representatives of $\sim_{ICS}$-equivalence, namely $O \blacktriangleright_{\Phi} c$ such that $\Phi = \{\sigma \mid \exists \Phi': O \blacktriangleright_{\Phi'} c \sim^{\sigma}_{ICS} O \blacktriangleright_{\Phi'} c\}$;

• transitions are derived according to Definition 3.27.


In order to compute the symmetry >I> of a canonical representative O c, we take P-markings 
of the form O ► c and we consider triples where O ►$' c is bisimilar to itself. Notice that <f> may be 
different than some </> e <b, in fact, may not act as the identity of c; with a little abuse of notation, 
O ►$ c stands for a P-marking where every (j) e $ has identical action on c up to bisimilarity. It can 
be proved that we do not need to consider non-canonical P-markings for the computation of $ (see, 
e.g., 0, 5.2]). 


Example 3.30. Consider the CG$_{IC}$ of Example 3.19. It can be regarded as a CG$_{ICS}$ where all
states have the singleton symmetry $\{id\}$. Its minimal version is depicted in Figure 4. Notice that
the P-marking {e^e^} ►$ 3 {{e Q } 1 - si,{e' a } 1 - S 2 } has a non-trivial symmetry, because we have 


i e a,e' a } ►{id} {{e a } s- Si,{e(J H s 2 } ~ics &a) { e a,e' a } ►{id} {{ e a} s- Si, {e' a } h s 2 ). 
Figure 4: Minimal CG$_{ICS}$ for the running example.


4. Causal case graphs and behavior structures 


In the pioneering work [27] of Trakhtenbrot and Rabinovich, behavior structures have been introduced as causal models for Petri nets. In this section we compare them with our causal models. We recall a slightly simplified definition.


Definition 4.1 (Behavior structure). Let $Act$ be a set of action labels. A behavior structure (BS in short) is a triple $B = (M, P, \phi)$, where:

• $M$ is an automaton such that:

  - transitions have the form $n \xrightarrow{a}_B m$, with $a \in Act$;

  - all states are reachable from the initial one $r$;

  - there are no oriented cycles, i.e., sequences of transitions where the first and last state coincide;

  - there are no parallel edges, i.e., $n \xrightarrow{a}_B m$ and $n \xrightarrow{b}_B m$ implies $a = b$.

• $P$ is a family $P_n$ of $Act$-labeled posets of events, one for each state $n$ of $M$ (for the root state $r$ we must have $P_r = \emptyset$);

• $\phi$ is a family of labeled posets morphisms: for each pair of states $n$ and $m$ such that $n \xrightarrow{a}_B m$

  - $\phi_{n,m}$ is an isomorphic embedding of $P_n$ as a prefix of $P_m$;

  - $|P_m| \setminus |\phi_{n,m}(P_n)| = \{e_a\}$, for some event $e$;

In a BS, each state $n$ has a poset $P_n$ over labeled events, describing causal dependencies among occurrences of actions that led to $n$. For each transition $n \xrightarrow{a}_B m$ we have a map telling the correspondence between $P_n$ and $P_m$: $P_n$ is required to be isomorphic to a prefix of $P_m$ because it should specify causal dependencies for all the previous actions. The only additional event in $P_m$ represents an occurrence of the most recent action $a$.

The associated notion of behavioral equivalence is called BS-bisimilarity. In [27], this equivalence compares two different behavior structures. Here states belong to the same behavior structure.

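Definition 4.2 (BS-bisimulation). Given a behavior structure $B$, a BS-bisimulation on $B$ is a relation $R$ on triples such that, whenever $(n_1, \sigma, n_2) \in R$:

• $\sigma$ is an isomorphism between $P_{n_1}$ and $P_{n_2}$;

• if $n_1 \xrightarrow{a}_B m_1$ then there exist $m_2, \sigma'$ such that $n_2 \xrightarrow{a}_B m_2$ with $(m_1, \sigma', m_2) \in R$ and the following diagram commutes

$$\begin{array}{ccc} P_{n_1} & \xrightarrow{\;\sigma\;} & P_{n_2} \\ {\scriptstyle\phi_{n_1,m_1}}\downarrow & & \downarrow{\scriptstyle\phi_{n_2,m_2}} \\ P_{m_1} & \xrightarrow{\;\sigma'\;} & P_{m_2} \end{array}$$

(and viceversa)

The greatest such relation, denoted $\sim_{BS}$, is called BS-bisimilarity.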


Notice that states are related by BS-bisimulations up to an isomorphism of their posets. This 
is because the actual identity of events should not matter when comparing states. Only the causal 
dependencies between occurrences of actions are relevant. BS-bisimilarity has been called history 
preserving bisimilarity 0 in later work. 


4.1. Relationship with causal case graphs

When used to represent the behavior of Petri nets, states of behavior structures are states of deterministic, non-sequential processes equipped with information about the past history of events. They can equivalently be seen as tokens equipped with causal information (see, e.g., [18]). Therefore, we will consider behavior structures over causal markings. This will enable a more direct comparison with our causal case graphs.

We characterize a sub-LTS of CG$_C$ that is equivalent to a BS.


Definition 4.3 (Reachable CG c ). The reachable CG c (CG£) is defined as follows: 

• it has an initial P-marking 0 > 0 f- mo, where mo is an initial marking for N ; 


• transitions are only those reachable from 0 > 0 h- mo- 

CGc enjoys some properties that allow us to define a BS on top of it. 

Lemma 4.4. 


(i) Each state O c > c of CG J has a unique possible poset, i.e., for any other state O > c we have 
O = O c ; moreover, we have \O c \ = JG(c). 

( ii ) CGf. does not have parallel transitions and directed cycles. 

Proposition 4.5. The triple Be - ( M c ,(f c ,P c ) is a behavior structure, where 
• M c is the smallest automaton generated from CG' c via the following rule 


K\-e a „ , 

Or > C -► Or' > c 


* B c C 


• P c - {O c | O c > c is a state of CG' c }; 

K\-p 

• ■ O c ^ Oc' \ O c > c -A Oc' > c'}. 

We have the following relation between $\sim_C$ and BS bisimilarity.

Theorem 4.6. Let $c_1, c_2$ be states of $B_C$. Then

(i) If $O \triangleright c_1 \sim_C O \triangleright c_2$ and there is an isomorphism $\sigma: O_{c_1} \to O_{c_2}$ then $c_1 \sim^{\sigma}_{BS} c_2$;

(ii) $c_1 \sim^{\sigma}_{BS} c_2$ implies $O_{c_2} \triangleright c_1\sigma \sim_C O_{c_2} \triangleright c_2$.

Statement (i) says that two states $c_1$ and $c_2$ in $B_C$ with isomorphic posets are $\sim^{\sigma}_{BS}$-bisimilar whenever any two P-markings over $c_1$ and $c_2$ are $\sim_C$-bisimilar. Statement (ii) is somewhat dual: if $c_1$ and $c_2$ are $\sim^{\sigma}_{BS}$-bisimilar under an isomorphism $\sigma$, then we can use $\sigma$ to turn them into $\sim_C$-bisimilar P-markings.

Remark 4.7. The behavior structure we have introduced has some common aspects with CG$_{IC}$: for both, posets in states have local meanings; in fact, bisimilarities require explicit mappings between posets of simulating states. However, CG$_{IC}$ can discard event names along transitions and go back to an already visited state, whereas this is explicitly forbidden for BSs.

5. Background on category theory 

We assume that the reader is familiar with elementary category theory. In this section we recall 
some notions that will be needed in the following. 

5.1. Functor categories 

Definition 5.1 (Functor category). Let $\mathbf{C}$ and $\mathbf{D}$ be two categories. The functor category $\mathbf{D}^{\mathbf{C}}$ has functors $\mathbf{C} \to \mathbf{D}$ as objects and natural transformations between them as morphisms.

Functors from any category $\mathbf{C}$ to $\mathbf{Set}$ are called (covariant) presheaves. Hereafter we assume that the domain category $\mathbf{C}$ for presheaves is small, i.e., its collection of objects is actually a set. A presheaf $P$ can be intuitively seen as a family of sets indexed over the objects of $\mathbf{C}$ plus, for each $\sigma: c \to c'$ in $\mathbf{C}$, an action of $\sigma$ on $Pc$, which we write

$$p[\sigma]_P = P\sigma(p) \qquad (p \in Pc),$$

omitting the subscript $P$ in $[\sigma]_P$ when clear from the context. This notation intentionally resembles the application of a renaming $\sigma$ to a process $p$, namely $p\sigma$: it will, in fact, have this meaning in later sections. The set $\int P$ of elements of a presheaf $P$ is

$$\int P := \sum_{c \in |\mathbf{C}|} Pc$$

where the sum symbol denotes the coproduct in $\mathbf{Set}$, and we denote by $c \triangleright p$ a pair belonging to $\int P$. Presheaf categories have the following nice property.

Property 5.2. For any $\mathbf{C}$, $\mathbf{Set}^{\mathbf{C}}$ has all limits and colimits, both computed pointwise.

5.2. Coalgebras

The behavior of systems can be modeled in a categorical setting through coalgebras [HQ- 
Given a behavioral endofunctor $B: \mathbf{C} \to \mathbf{C}$, describing the “shape” of a class of systems, we have a corresponding category of coalgebras.

Definition 5.3 (B-Coalg). The category B-Coalg is defined as follows: objects are $B$-coalgebras, i.e., pairs $(X, h)$ of an object $X \in |\mathbf{C}|$, called carrier, and a morphism $h: X \to BX$, called structure map; $B$-coalgebra homomorphisms $f: (X,h) \to (Y,g)$ are morphisms $f: X \to Y$ in $\mathbf{C}$ making the following diagram commute

$$\begin{array}{ccc} X & \xrightarrow{\;h\;} & BX \\ {\scriptstyle f}\downarrow & & \downarrow{\scriptstyle Bf} \\ Y & \xrightarrow{\;g\;} & BY \end{array}$$

For instance, given a set of labels $L$, consider the functor

$$B_{flts} = \mathcal{P}_f(L \times -)$$

where $\mathcal{P}_f: \mathbf{Set} \to \mathbf{Set}$ is the finite powerset functor, defined on a set $A$ and on a function $h: A \to A'$ as follows

$$\mathcal{P}_f A := \{B \subseteq A \mid B \text{ finite}\} \qquad \mathcal{P}_f h(B) := \{h(b) \mid b \in B\}$$

$B_{flts}$-coalgebras $(X, h)$ are finitely-branching labeled transition systems, with labels $L$ and states $X$. The function $h(x)$ returns the set of labeled transitions $x \xrightarrow{a} y$ such that $(a, y) \in h(x)$. Homomorphisms of $B_{flts}$-coalgebras are functions between states that preserve and reflect transitions.

Many notions of behavioral equivalence can be defined for coalgebras (see EH)- We adopt the 
one by Hermida and Jacobs and we simply call it $B$-bisimulation. To introduce it, we need some preliminary notions. A (binary) relation on $X \in |\mathbf{C}|$ is a jointly-monic span $X \leftarrow R \to X$ in $\mathbf{C}$. An image of a morphism $f: A \to C$ is a monomorphism $m: B \rightarrowtail C$ through which $f$ factors, such that if $f$ factors through any other mono $B' \rightarrowtail C$, then $B$ is a subobject of $B'$. The factoring morphism $A \to B$ is called cover. In $\mathbf{Set}$ all these notions become the usual ones: a relation $R$ is a binary relation on $X$ and the span is made of left/right projections; the image of $f$ is $f(A) \subseteq C$, and its cover is $f$ with restricted codomain $f(A)$. Given a relation $R$ on $X$, the relation lifting $BR$ is the image of the morphism $BR \to B(X \times X) \to BX \times BX$, taking $R$ to a relation on $BX$.

Definition 5.4 (B-bisimulation). Given a $B$-coalgebra $(X, h)$, a $B$-bisimulation on it is a relation $R$ on $X$ such that there is $r$ making the following diagram commute

$$\begin{array}{ccccc} X & \leftarrow & R & \rightarrow & X \\ {\scriptstyle h}\downarrow & & \downarrow{\scriptstyle r} & & \downarrow{\scriptstyle h} \\ BX & \leftarrow & BR & \rightarrow & BX \end{array}$$

The greatest such relation is called $B$-bisimilarity.

A $B_{flts}$-bisimulation $R$ on a $B_{flts}$-coalgebra is an ordinary bisimulation on the corresponding transition system. In fact, $BR$ is the set of pairs $(X_1, X_2) \in BX \times BX$ such that $(l, x') \in X_1$ only if there is some $(l, (x', y')) \in BR$, but then we also have $(l, y') \in X_2$ and $(x', y') \in R$ (the symmetric statement holds if $(l, x') \in X_2$). Clearly $r$ exists if and only if $R$ is a bisimulation, and is given by $(x, y) \in R \mapsto (h(x), h(y))$.

An important property of categories of coalgebras is the existence of the terminal object; the unique morphism from each coalgebra to it assigns to each state its abstract semantics. The ideal situation is when the induced equivalence, relating all the states with the same abstract semantics, agrees with $B$-bisimilarity. A sufficient condition for this property is when $B$ covers pullbacks.

Property 5.5 ($B$ covers pullbacks). Consider a cospan $X_1 \to X_3 \leftarrow X_2$, and the morphism $m$ from
the image of the pullback (the left square below) to the pullback of the image

X 1 

S X 

P > x 3 

X X 

X 2 

Then B covers pullbacks if m is always a cover. 

For the best-known Aczel-Mendler bisimulations, defined as spans of coalgebras, the condition on $B$ that guarantees the agreement of behavioral equivalences is more demanding: $B$ should preserve weak pullbacks. The finite powerset functor on $\mathbf{Set}$ preserves weak pullbacks, but other finite powerset functors do not, for instance the one on presheaves that we will use, which instead covers pullbacks. This motivates our preference of Hermida-Jacobs bisimulations over Aczel-Mendler ones (another important reason for this will be explained in Section 6).

A sufficient condition for the existence of the final coalgebra is that B is an accessible functor 
on a locally finitely presentable category (see @, [ 2 ^, [lj for details). A category C is filtered if each 
finite diagram is the base of a cocone in C; filtered categories generalize the notion of directed 
preorders, that are sets such that every finite subset has an upper bound. For any category D, a 
filtered colimit in D is the colimit of a diagram of shape C, i.e., a functor C → D, such that C is a
filtered category. 

Definition 5.6 (Locally finitely presentable category). An object $c$ of a category $\mathbf{C}$ is finitely presentable if the functor $\mathrm{Hom}_{\mathbf{C}}(c, -): \mathbf{C} \to \mathbf{Set}$ preserves filtered colimits. A category $\mathbf{C}$ is locally finitely presentable if it has all colimits and there is a set of finitely presentable objects $X \subseteq |\mathbf{C}|$ such that every object is a filtered colimit of objects from $X$.

For instance, locally finitely presentable objects in $\mathbf{Set}$ are precisely finite sets. $\mathbf{Set}$ is locally finitely presentable: every set is the filtered colimit, namely the union, of its finite subsets and the whole $\mathbf{Set}$ is generated by the set containing one finite set of cardinality $n$ for all $n \in \mathbb{N}$.

For functor categories we have the following.

Proposition 5.7. For each locally finitely presentable category $\mathbf{C}$ and small category $\mathbf{D}$, the functor category $\mathbf{C}^{\mathbf{D}}$ is locally finitely presentable.

In particular, since $\mathbf{Set}$ is locally finitely presentable, we have that the presheaf category $\mathbf{Set}^{\mathbf{D}}$ is locally finitely presentable as well.

Definition 5.8 (Accessible functor). Let $\mathbf{C}$ and $\mathbf{D}$ be locally finitely presentable categories. A functor $F: \mathbf{C} \to \mathbf{D}$ is accessible if it preserves filtered colimits.

Here are some useful properties of accessible functors: their products, coproducts and composition are accessible as well; adjoint functors between locally finitely presentable categories are accessible. Moreover, it is a well-known fact that the finite powerset functor $\mathcal{P}_f$ introduced in Section 5.2 is accessible.


5.3. Coalgebras over presheaves 

Coalgebras for functors $B: \mathbf{Set}^{\mathbf{C}} \to \mathbf{Set}^{\mathbf{C}}$ are pairs $(P, \rho)$ of a presheaf $P: \mathbf{C} \to \mathbf{Set}$ and a natural transformation $\rho: P \to BP$. The naturality of $\rho$ imposes a constraint on behavior

$$\begin{array}{ccc} p \in Pc & \longmapsto & beh(p) \\ {\scriptstyle [f]_P}\downarrow & & \downarrow{\scriptstyle [f]_{BP}} \\ p[f]_P \in P(c') & \longmapsto & beh(p)[f]_{BP} \end{array}$$

Intuitively, this diagram means that, if we take a state, apply a function to it and then compute its behavior, we should get the same thing as first computing the behavior and then applying the function to it. In other words, behavior must be preserved and reflected by the index category morphisms.

$B$-bisimulations have a similar structure. A $B$-bisimulation $R$ is a presheaf in $\mathbf{Set}^{\mathbf{C}}$ and all the legs of the bisimulation diagram in Definition 5.4 are natural transformations. In particular, the naturality of projections implies that, given $(p, q) \in Rc$ and $f: c \to c'$ in $\mathbf{C}$, $(p[f], q[f]) \in R(c')$, i.e., $B$-bisimulations are closed under the index category morphisms.


6. Coalgebraic semantics 

In this section we construct a coalgebraic causal semantics for Petri Nets. We first show that the notions of Section 3.2 have a categorical interpretation. Then we translate CG$_{AC}$ into a coalgebra.

We introduce two categories of Act-labeled posets. Recall that, given a category C, a skeletal 
category is a full subcategory of C such that each object is isomorphic to one of C and two distinct 
objects cannot be isomorphic. 

Definition 6.1 (Category O and O). Let O be the skeletal category of the category of Act-labeled 
posets and their morphisms. The category O is the subcategory of O whose morphisms are order- 
embeddings. 

Taking a skeletal category amounts to choosing one canonical representative of each isomorphism class of posets, i.e., using the terminology of Section 3.2, the objects of O and O are abstract posets. The difference between O and O is similar to that between F, the category of finite ordinals and all functions, and its subcategory I, including only injective functions (indeed O only includes injective morphisms). Presheaves over these categories are used in [13] to give a coalgebraic semantics for the π-calculus.

Remark 6.2. In [7] we have introduced the category P of finite posets up to isomorphisms and its subcategory P$_m$ with only order-embeddings. The category O can be understood as a comma category $U \downarrow Act$, where $U$: P → Set takes a poset to its underlying set and $Act$ is the constant functor mapping every set to $Act$. Similarly for O, whenever $U$: P$_m$ → Set.

Proposition 6.3. The category O is small and has pullbacks.


The category O lacks colimits, but the ones we are interested in can be computed in O. We will 
be more precise when presenting such colimits. 

We introduce some notation for particular objects and morphisms of $\mathbf{O}$. We denote by $[k]_l$ the
discrete poset with $k$ elements and labeling function $l$: if $k = 1$ then we simply write $[1]_a$ to assign
label $a$ to the only event. We write $[k]_l^a$ for the poset $[k]_l$ plus a top element with label $a$. Two
maps will be useful:

$$[k]_l \longrightarrow [k]_l^a \xleftarrow{\;\top([k]_l^a)\;} [1]_a$$

the left map picks the bottom elements in $[k]_l^a$, and the right one picks the top element.

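In $\mathbf{O}$ we can use a pushout to compute $\delta(O, K, a)$, the associated maps $old(O,K,a)$ and
$new(O,K,a)$, and the extension $\sigma^+$ of a morphism $\sigma: O \to O'$, all defined in Section 3.2. Given
$O \in |\mathbf{O}|$, let $K: [k]_l \to O$ be the subobject in $\mathbf{O}$ picking $K$ within $O$. Then we have

[Diagram (1): the inner pushout square of $[k]_l^a \leftarrow [k]_l \xrightarrow{K} O$, with pushout object $\delta(O,K,a)$ and legs $K^a$ and $old(O,K,a)$, nested in the outer pushout square for $O'$, with pushout object $\delta(O',\sigma(K),a)$ and leg $old(O',\sigma(K),a)$; here $new(O,K,a) = K^a \circ \top([k]_l^a)$.]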


Explicitly, $\delta(O, K, a)$ is constructed as follows: the disjoint union of $O$ and $[k]_l^a$ is made, and then
the bottom elements of $[k]_l^a$ and the causes $K$ are identified, resulting in $O$ plus a fresh $a$-labeled
top event for $K$; the transitive closure of this relation gives $\delta(O, K, a)$. Notice that, since $K$ reflects
order, causes of the fresh event must be incomparable, i.e., they are maximal events in $O$. This agrees
with the definition of $K$ in Definition 3.3. The map $\sigma^+: \delta(O, K, a) \to \delta(O', \sigma(K), a)$ is induced by
the universal property of pushouts: we compute $\delta(O', \sigma(K), a)$ via the pushout of

$$[k]_l^a \longleftarrow [k]_l \longrightarrow O'$$

that is the outer pushout in (1), and then we define $\sigma^+$ as the mediating morphism between the
inner and the outer pushout. It can be easily verified that $\sigma^+$ indeed acts as described in Section 3.2.
All these constructions have been given in O but we have the following property.

Lemma 6.4. The diagram (1) also exists in O.

Now we want to turn the computation of $\delta(O, K, a)$ into a functorial operation on $\mathbf{O}$. This
operation can only have $O$ as parameter. The dependency from $a$ and $K$ is removed by adding a
new event for each set of independent causes and each action. Formally, consider all
$K_1: [k_1]_{l_1} \to O, \dots, K_m: [k_m]_{l_m} \to O$. Suppose $Act = \{a_1, \dots, a_n\}$. Then we can compute $\delta(O)$ via the colimit
shown in Figure 5. It is the colimit of $m$ cospans with vertex $[k_i]_{l_i}$. Each cospan is similar to the
cospan in (1), but its legs include all morphisms $\to \delta(O)$, for all $a \in Act$, instead of a
single morphism for a given $a$. This means that, for each set of causes $K_i$, in $\delta(O)$ we have fresh
events labeled by all possible actions.

Notice that $\delta(O)$ and $old(O)$ do not depend on $K$ and $a$. We can recover new maps as follows

$$new(O,K_i,a) = K_i^a \circ \top([k_i]_{l_i}^a): [1]_a \to \delta(O)$$

Given a morphism $\sigma: O \to O'$, we denote $\delta(\sigma): \delta(O) \to \delta(O')$ the corresponding morphism induced
by the universal property of the above colimit. Since the colimit in Figure 5 is formed by many
diagrams like the inner pushout in (1), by the universal property of pushouts there are unique maps

$$e(O,K_i,a): \delta(O,K_i,a) \to \delta(O).$$

Then we can relate $\delta(O)$ and each $old(O,K_i,a)$

$$old(O) = e(O,K_i,a) \circ old(O,K_i,a): O \to \delta(O)$$

and see how each $\sigma^+$ “embeds” into $\delta(\sigma)$, namely

[Commutative square: $e(O,K_i,a): \delta(O,K_i,a) \to \delta(O)$ on top, $e(O',\sigma(K_i),a): \delta(O',\sigma(K_i),a) \to \delta(O')$ at the bottom, with vertical maps $\sigma^+$ and $\delta(\sigma)$.]

The intuition is that $\delta(\sigma)$ acts as $\sigma$ on old events (as all $\sigma^+$ do) and as the specific $\sigma^+$ on new ones.
Since each $\sigma^+$ is an order-embedding (Lemma 6.4), also $\delta(\sigma)$ is, so $\delta(\sigma)$ is a morphism of O. This
means that $\delta$ defines a proper allocation endofunctor on O.

Example 6.5. Suppose $Act = \{c,d\}$ and let $O$ be the discrete abstract poset $\{e_a, e'_b\}$. Then $\delta(O)$
contains $new(O,\emptyset,c)$, $new(O,\emptyset,d)$, and the following pairs (we omit reflexive ones):

$$\begin{array}{ll}
e_a \preceq new(O,\{e_a\},c) & e_a \preceq new(O,\{e_a\},d) \\
e_a \preceq new(O,\{e_a,e'_b\},c) & e_a \preceq new(O,\{e_a,e'_b\},d) \\
e'_b \preceq new(O,\{e'_b\},c) & e'_b \preceq new(O,\{e'_b\},d) \\
e'_b \preceq new(O,\{e_a,e'_b\},c) & e'_b \preceq new(O,\{e_a,e'_b\},d)
\end{array}$$
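The construction of δ(O, K, a) and of δ(O) described above, and the pairs listed in Example 6.5, can be checked mechanically. The following Python code is an added example, not code from the paper: it works on concrete finite posets rather than on abstract (skeletal) representatives, and the class `LabeledPoset`, the function names and the naming of fresh events as `("new", K, a)` are assumptions made here.

```python
from itertools import combinations


def transitive_closure(pairs):
    """Transitive closure of a set of strict pairs (x, y), meaning x is below y."""
    closure = set(pairs)
    changed = True
    while changed:
        changed = False
        for (x, y) in list(closure):
            for (y2, z) in list(closure):
                if y == y2 and (x, z) not in closure:
                    closure.add((x, z))
                    changed = True
    return closure


class LabeledPoset:
    """Finite Act-labeled poset: labels maps event -> action, lt is the strict order."""

    def __init__(self, labels, order=()):
        self.labels = dict(labels)
        self.lt = transitive_closure(order)

    def comparable(self, x, y):
        return (x, y) in self.lt or (y, x) in self.lt

    def antichains(self):
        """All sets of pairwise incomparable events (the empty set included).
        These are the images of the order-embeddings K: [k]_l -> O."""
        events = sorted(self.labels, key=repr)
        for size in range(len(events) + 1):
            for subset in combinations(events, size):
                if all(not self.comparable(x, y) for x, y in combinations(subset, 2)):
                    yield frozenset(subset)


def new(causes, action):
    """Name chosen here (an assumption) for the fresh event with these causes and label."""
    return ("new", frozenset(causes), action)


def delta_single(poset, causes, action):
    """delta(O, K, a): O plus one fresh a-labeled top event above K, transitively closed."""
    causes = frozenset(causes)
    if causes not in set(poset.antichains()):
        raise ValueError("causes must be pairwise incomparable events of the poset")
    fresh = new(causes, action)
    labels = {**poset.labels, fresh: action}
    return LabeledPoset(labels, poset.lt | {(k, fresh) for k in causes})


def delta(poset, actions):
    """delta(O): one fresh event for every set of independent causes and every action."""
    labels = dict(poset.labels)
    order = set(poset.lt)
    for causes in poset.antichains():
        for action in actions:
            fresh = new(causes, action)
            labels[fresh] = action
            order |= {(k, fresh) for k in causes}
    return LabeledPoset(labels, order)


def is_order_embedding(source, target):
    """True if the inclusion of source into target preserves labels and both
    preserves and reflects the strict order (the role played by e(O, K, a))."""
    if any(target.labels.get(e) != a for e, a in source.labels.items()):
        return False
    return all(((x, y) in source.lt) == ((x, y) in target.lt)
               for x in source.labels for y in source.labels)


def example_6_5():
    """Constructed input: the discrete poset {e_a, e'_b} with Act = {c, d}."""
    return delta(LabeledPoset({"e": "a", "e'": "b"}), ["c", "d"])
```

With the fresh events named this way, δ(O, K, a) is literally a sub-poset of δ(O), so the map e(O, K, a) is the inclusion that `is_order_embedding` checks.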


Remark 6.6. Our definition of 6 may not seem the best one, as it generates a new event for 
each possible set of causes and each label, whereas a transition only generates one of these events. 
However, having a functor on O allows us to lift it to presheaves in a way that ensures the existence 
of both left and right adjoint (giving Kan extensions along $\delta$) for the lifted functor, and then
preservation of both limits and colimits, which is essential for coalgebras employing such functor. 
Generation of unused events is not really an issue: as we will see later, it is always possible to recover 
the support of a P-marking, i.e., the poset formed by events actually appearing in it. 

Now we look at the category $\mathbf{Set}^{\mathbf{O}}$ of presheaves on labeled posets. Since $\mathbf{O}$ is small it follows
that $\mathbf{Set}^{\mathbf{O}}$ is locally finitely presentable and has all limits and colimits, in particular products and
coproducts. The following functors are relevant for us.

Presheaf of event names. $\mathcal{E}: \mathbf{O} \to \mathbf{Set}$ maps $O$ to the set $|O|$. Formally

$$\mathcal{E} = \sum_{a \in Act} Hom_{\mathbf{O}}([1]_a, -)$$

where $e_a \in |O|$ is represented as a morphism $[1]_a \to O$. The action of $\mathcal{E}$ on a morphism $\sigma: O \to O'$
gives the function $\lambda e_a \in \mathcal{E}(O).\, \sigma \circ e_a$, which renames the event $e_a$ according to $\sigma$.

Finite powerset. $\mathcal{P}_f: \mathbf{Set}^{\mathbf{O}} \to \mathbf{Set}^{\mathbf{O}}$, defined as $\mathcal{P}_f \circ (-)$, where $\mathcal{P}_f$ is the finite powerset on $\mathbf{Set}$.

Event allocation operator. $\Delta: \mathbf{Set}^{\mathbf{O}} \to \mathbf{Set}^{\mathbf{O}}$, given by $(-) \circ \delta$. Explicitly, for $P: \mathbf{O} \to \mathbf{Set}$ and $O \in |\mathbf{O}|$,
$\Delta P(O) = P(\delta(O))$. Intuitively, it generates causal markings with additional fresh events.

Presheaf of labels. $\mathcal{L}: \mathbf{O} \to \mathbf{Set}$ given by

$$\mathcal{L}(O) = Act \times \mathcal{P}_f\, \mathcal{E}(O)$$

For each $O \in |\mathbf{O}|$, this functor gives pairs $(a, K)$ of an action $a$ and a finite set of causes $K$, selected
among events in $O$.

We use these operators to define our behavioral endofunctor. 

Definition 6.7 (Behavioral functor). The behavioral functor $B: \mathbf{Set}^{\mathbf{O}} \to \mathbf{Set}^{\mathbf{O}}$ is

$$BP = \mathcal{P}_f(\mathcal{L} \times \Delta P).$$

To understand this definition, consider a $B$-coalgebra $(P, \rho)$. Given $O \in |\mathbf{O}|$ and $p \in P(O)$, $\rho_O(p)$
is a finite set of triples $(a, K, p')$, meaning that $p'$ is the continuation of $p$ after observing $K \vdash a$.
The continuation always belongs to $\Delta P(O)$, because every transition allocates a new event.

The category $B$-Coalg is well-behaved: it has a final $B$-coalgebra, and the behavioral equivalence
it induces coincides with $B$-bisimilarity. This is thanks to the following properties.

Proposition 6.8. $B$ is accessible and covers pullbacks.

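$B$-coalgebras can be regarded as particular LTSs whose states are elements of presheaves, i.e.,
pairs $O \triangleright p$.

Definition 6.9 (O-ILTS). An O-indexed labeled transition system (O-ILTS) is a pair $(P, \Longrightarrow)$
of a presheaf $P: \mathbf{O} \to \mathbf{Set}$ and a finitely-branching transition relation $\Longrightarrow\ \subseteq \int P \times \int \mathcal{L} \times \int P$ of the
form:

$$O \triangleright p \overset{K \vdash a}{\Longrightarrow} \delta(O) \triangleright p' \qquad (a, K) \in \mathcal{L}(O)$$

such that, for each morphism $\sigma: O \to O'$ in $\mathbf{O}$:

(i) if $O \triangleright p \overset{l}{\Longrightarrow} \delta(O) \triangleright p'$ then $O' \triangleright p[\sigma] \overset{l[\sigma]}{\Longrightarrow} \delta(O') \triangleright p'[\delta(\sigma)]$ (transitions are preserved by
$\sigma$);

(ii) if $O' \triangleright p[\sigma] \overset{l}{\Longrightarrow} \delta(O') \triangleright p'$ then there are $l'$ and $\delta(O) \triangleright p''$ such that $l'[\sigma] = l$, $p''[\delta(\sigma)] = p'$
and $O \triangleright p \overset{l'}{\Longrightarrow} \delta(O) \triangleright p''$ (transitions are reflected by $\sigma$);

Now, notice that labels and continuations of O-ILTSs agree with those generated by $B$, and (i)
and (ii) say that the transition relation behaves like a natural transformation. Therefore we have
the following correspondence.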

Proposition 6.10. O-ILTSs are in bijection with B-coalgebras. 

The natural notion of bisimulation for these transition systems is O -indexed bisimulation. 

Definition 6.11 (O-indexed bisimulation). An O-indexed bisimulation on an O-ILTS $(P, \Longrightarrow)$
is an indexed family of relations $\{R_O \subseteq P(O) \times P(O)\}_{O \in |\mathbf{O}|}$ such that, for all $(p, q) \in R_O$:

(i) if $O \triangleright p \overset{K \vdash a}{\Longrightarrow} \delta(O) \triangleright p'$ then there is $\delta(O) \triangleright q'$ such that $O \triangleright q \overset{K \vdash a}{\Longrightarrow} \delta(O) \triangleright q'$ and $(p', q') \in R_{\delta(O)}$;

(ii) for all $\sigma: O \to O'$, $(p, q) \in R_O$ if and only if $(p[\sigma]_P, q[\sigma]_P) \in R_{O'}$.

This definition closely resembles that of AC-bisimulations (Definition 3.11). We have an additional
condition (ii) requiring closure under morphisms of $\mathbf{O}$. This is not satisfied by all
AC-bisimulations, but it holds for the greatest one (Theorem 3.15). We have the following
correspondence.

Proposition 6.12. Let $(P, \rho)$ be a $B$-coalgebra. Then $B$-bisimulations on $(P, \rho)$ are in bijection
with O-indexed bisimulations on the induced O-ILTS.

Notice that, unlike Aczel-Mendler bisimulations, a $B$-bisimulation (namely, a Hermida-Jacobs
one) need not be the carrier of a $B$-coalgebra in order to be a bisimulation. This strong requirement
is the reason why some O-indexed bisimulations cannot be turned into Aczel-Mendler ones (see 2J,
3.3, Anomaly]).

We now show that $CG_{AC}$ can be represented as an O-ILTS. We form a presheaf from P-markings
as follows.

Definition 6.13 (Presheaf of P-markings). The presheaf of P-markings $\mathcal{M}: \mathbf{O} \to \mathbf{Set}$ is given by

$$\mathcal{M}(O) = \{c \mid O \triangleright c \text{ is an abstract P-marking}\} \qquad \mathcal{M}(\sigma: O \to O') = \lambda(O \triangleright c).\, O' \triangleright (c\sigma){\downarrow}_{O'}$$

The action of $\mathcal{M}$ on morphisms needs to apply the closure operator, after renaming the causal
marking: this guarantees that the result is a proper P-marking. The functor has the following
useful property.

Lemma 6.14. $\mathcal{M}$ preserves pullbacks.

Intuitively, thanks to this property, if we take $c \in \mathcal{M}(O)$ and all subposets $O'$ of $O$ such that
$\mathcal{M}(O')$ contains a “version” of $c$ (typically with fewer events) then the set obtained by applying $\mathcal{M}$
to the pullback of these subposets, i.e., to their minimal common subposet, still contains a version
of $c$. This will be essential, in the next section, to compute minimal representatives of P-markings.
We are ready to translate $CG_{AC}$ to an O-ILTS.

Definition 6.15 (Causal O-ILTS$_{AC}$). The Causal O-ILTS (O-ILTS$_{AC}$) $(\mathcal{M}, \Longrightarrow)$ is the smallest
one generated by the rule

$$\frac{O \triangleright c \overset{K \vdash a}{\Longrightarrow} \delta(O, K, a) \triangleright c'}{O \triangleright c \overset{K \vdash a}{\Longrightarrow} \delta(O) \triangleright c'[e(O, K, a)]}$$

This translation does not affect bisimilarities: two states can do the same transitions in $CG_{AC}$
if and only if they can do the same transitions also in O-ILTS$_{AC}$; continuations only differ for an
order-embedding, but by Theorem 3.15 and Definition 6.11 (ii) the O-indexed bisimilarity and $\sim_{AC}$
are closed under order-embeddings.

We call causal coalgebra the $B$-coalgebra equivalent to $(\mathcal{M}, \Longrightarrow)$. We have the following
theorem, which collects the results of this section, instantiated to the causal coalgebra.


Theorem 6.16. O-indexed bisimulations on $(\mathcal{M}, \Longrightarrow)$ are equivalent to:

• $B$-bisimulations on the causal coalgebra;

• AC-bisimulations closed under order-embeddings.

In particular, we have that the greatest O-indexed bisimulation, $B$-bisimilarity on the causal
coalgebra and $\sim_{AC}$ are all equivalent, thanks to Theorem 3.15. These, by Proposition 6.8, are
equivalent to the kernel of the unique morphism from the causal coalgebra to the final one.

7. From coalgebras to HD-automata 

In order to give a characterization of the causal coalgebra in terms of named sets, we employ
the results of [10]. Here authors define a symmetry group over a category $\mathbf{C}$ to be a collection of
morphisms in $\mathbf{C}[c, c]$, for any $c \in |\mathbf{C}|$, which is a group w.r.t. composition of morphisms. Then they
take families of such groups as their notion of generalized named sets. A first result establishes the
equivalence between these families and coproducts of symmetrized representables, that are functors
of the form

$$\sum_{i \in I} Hom_{\mathbf{C}}(c_i, -)/\Phi_i$$

where $\Phi_i$ is a symmetry group over $\mathbf{C}$ with domain $c_i$, and the quotient identifies morphisms that
are obtained one from the other by precomposing elements of $\Phi_i$. These functors, in turn, are shown
to be isomorphic to wide-pullback-preserving presheaves on $\mathbf{C}$, a wide pullback being the limit of
a diagram with an arbitrary number of morphisms pointing to the same object (pullbacks are a
special case, with two such morphisms). The described results are summarized in the following
theorem from [13].

Theorem 7.1. Let $\mathbf{C}$ be a category that is small, has wide pullbacks, and such that all its morphisms
are monic and those in $\mathbf{C}[c, c]$ are isomorphisms, for every $c \in |\mathbf{C}|$. Then every
wide-pullback-preserving $P \in |\mathbf{Set}^{\mathbf{C}}|$ is equivalent to a coproduct of symmetrized representables.


Our category $\mathbf{O}$ satisfies the hypothesis of this theorem: it is small and has wide pullbacks due
to the existence of pullbacks. In fact, the diagram of a wide pullback in $\mathbf{O}$ is formed by a finite
number of morphisms, because a finite poset always has a finite number of ingoing poset-reflecting
monomorphisms, so its limit can be computed via binary pullbacks. Moreover, $\mathbf{O}$ has only monos,
as order-embeddings are always monic, and $\mathbf{O}[O, O]$ clearly has only isomorphisms, for each $O \in |\mathbf{O}|$.
Finally, our presheaf of causal markings preserves (wide) pullbacks (Lemma 6.14), so there exists
an equivalent coproduct of symmetrized representables.

Theorem 7.1 indeed describes an equivalence between pullback-preserving presheaves and families,
which induces one on coalgebras. We shall now investigate this point. Let Set® be the full
subcategory of $\mathbf{Set}^{\mathbf{O}}$ formed by pullback-preserving presheaves. We have that our behavioral
endofunctor $B$ indeed defines an endofunctor on Set®.

Proposition 7.2. All the endofunctors on $\mathbf{Set}^{\mathbf{O}}$ of Definition 6.7 can be restricted to endofunctors
on Set®.

Let $B_0$: Set® → Set® be the restricted behavioral endofunctor. The causal coalgebra is clearly a
$B_0$-coalgebra. Restricting to Set® does not affect the final coalgebra: $B$-Coalg and $B_0$-Coalg have
the same final object and final morphisms from common objects. In fact, the terminal sequence
starts from the final presheaf 1, pointwise defined as the singleton set, which trivially preserves
pullbacks, and goes through $B^n(1) = B_0^n(1)$, for any $n$.

Corollary 7.3 (of Theorem 7.1). Let $B$ be the behavioral endofunctor on families defined by lifting
all functors in Definition 6.7 along the equivalence. Then the category $B_0$-Coalg is equivalent to
$B$-Coalg.

In particular, the equivalence relates the final $B_0$-coalgebra and the final $B$-coalgebra, and their
final morphisms. Moreover, since kernels are preserved by equivalence, identifications made by the
final morphisms are preserved, hence behavioral equivalence is preserved too.

Now that we have proved that our categorical setting is suitable for HD-automata, we can
translate the causal coalgebra to a HD-automaton. We adopt the definition of HD-automaton given
in [11]: a HD-automaton is a(ny) coalgebra over a named set. We introduce a notion of named set
closer to a more traditional one, but indeed equivalent to the families mentioned above. Given a
set $S$ of morphisms and a morphism $\sigma$ in $\mathbf{O}$, we write $S \circ \sigma$ for the set $\{\tau \circ \sigma \mid \tau \in S\}$ (analogously
for $\sigma \circ S$).

Definition 7.4 (Category Sym(O)). Let $Sym(\mathbf{O})$ be the category defined as follows:

• objects $\Phi$ are subsets of $\mathbf{O}[O, O]$ that are groups w.r.t. composition in $\mathbf{O}$;

• morphisms $\Phi_1 \to \Phi_2$ are sets of morphisms $\sigma \circ \Phi_1$ such that $\sigma: dom(\Phi_1) \to dom(\Phi_2)$ and
$\Phi_2 \circ \sigma \subseteq \sigma \circ \Phi_1$.

Definition 7.5 (Category O-Set). The category O-Set is defined as follows:

• objects are O-named sets, that are pairs $N = (Q_N, G_N)$ of a set $Q_N$ and a function $G_N: Q_N \to |Sym(\mathbf{O})|$.
The local poset of $q \in Q_N$, denoted $\|q\|$, is $dom(\sigma)$, for any $\sigma \in G_N(q)$.

• morphisms $f: N \to M$ are O-named functions, that are pairs $(h, \Sigma)$ of a function $h: Q_N \to Q_M$
and a function $\Sigma$ mapping each $q \in Q_N$ to a morphism $G_M(h(q)) \to G_N(q)$ in $Sym(\mathbf{O})$.

In the rest of this section we give an explicit description of the O-named set produced from
$\mathcal{M}$ by the equivalence. Its elements will be minimal P-markings with symmetries. We will show
that the translation from P-markings to minimal ones with symmetries is achieved via categorical
constructions. We need the notions of support, seed and orbit.

Definition 7.6 (Support and seed). Given $O \triangleright c$, its support, denoted $supp(c)$, is the
wide-pullback-object of the following morphisms

$$\{\sigma: O' \to O \mid \exists\, O' \triangleright c' : c'[\sigma] = c\}$$

Let £_c be the embedding $supp(c) \to O$ given by the pullback. Then the seed of $c$, denoted $seed(c)$,
is the unique element of $\mathcal{M}(supp(c))$ such that seed(c)[£_c] = c.

As shown in 011 !, preservation of pullbacks by $\mathcal{M}$ is essential to ensure existence and uniqueness
of seeds. The seed operation achieves the first two properties of minimal P-markings (see
Definition 3.16): $seed(c)$ just contains immediate causes for each token and $supp(c)$ contains all
and only those causes. This is illustrated by the following example.

Example 7.7. Consider the following P-marking for the running example

$$\{e_a \preceq e'_a,\ e''_a \preceq e'''_a\} \triangleright \{\{e_a, e'_a\} \vdash s_1,\ \{e''_a, e'''_a\} \vdash s_2\}$$

which is reachable after firing $t_1$ and $t_2$ twice. The set of morphisms of Definition 7.6 has four
elements

$$f_1, f_2: \{e_a \preceq e'_a,\ e''_a\} \to \{e_a \preceq e'_a,\ e''_a \preceq e'''_a\} \qquad f_3, f_4: \{e_a, e'_a\} \to \{e_a \preceq e'_a,\ e''_a \preceq e'''_a\}$$

[Diagrams defining $f_1, \dots, f_4$ on events.]

In fact, we have

$$\begin{array}{l}
(\{e_a \preceq e'_a,\ e''_a\} \triangleright \{\{e_a, e'_a\} \vdash s_1,\ \{e''_a\} \vdash s_2\})[f_1] \\
(\{e_a \preceq e'_a,\ e''_a\} \triangleright \{\{e''_a\} \vdash s_1,\ \{e_a, e'_a\} \vdash s_2\})[f_2] \\
(\{e_a, e'_a\} \triangleright \{\{e_a\} \vdash s_1,\ \{e'_a\} \vdash s_2\})[f_3] \\
(\{e_a, e'_a\} \triangleright \{\{e'_a\} \vdash s_1,\ \{e_a\} \vdash s_2\})[f_4]
\end{array}
\;=\; \{e_a \preceq e'_a,\ e''_a \preceq e'''_a\} \triangleright \{\{e_a, e'_a\} \vdash s_1,\ \{e''_a, e'''_a\} \vdash s_2\}$$

Recall that each $[f_i] = \mathcal{M}(f_i)$ is a function that, when applied to a P-marking, replaces events
according to $f_i$ and then down-closes the result w.r.t. $\{e_a \preceq e'_a,\ e''_a \preceq e'''_a\}$. It is easy to check that
the pullback object of all four morphisms is $\{e_a, e'_a\}$, so the corresponding seed is

$$\{e_a, e'_a\} \triangleright \{\{e_a\} \vdash s_1,\ \{e'_a\} \vdash s_2\}.$$

Notice that two events have been discarded, because they are not immediate causes.

Definition 7.8 (Orbit). The orbit of $O \triangleright c$ is

$$orb(c) = \{c[\sigma] \mid \sigma \in \mathbf{O}[O, O]\}$$

We denote by $[c]^{\circ}$ a canonical choice of an element of $orb(c)$.

The orbit of $c$ is the set of causal markings obtained by applying to $c$ all functions induced
by poset automorphisms. Automorphisms are isomorphisms, so taking a canonical representative
for this orbit achieves the third requirement of minimal P-markings: it amounts to applying the
operation $[O \triangleright c]_{\cong}$, i.e., choosing a representative of isomorphism classes for $O \triangleright c$.

Definition 7.9. The O-named set of minimal P-markings is $(M, G_M)$, where

$$M = \{supp(c) \blacktriangleright [seed(c)]^{\circ} \mid O \triangleright c \in \textstyle\int \mathcal{M}\}$$

Gm = AO ► c.ld* e |Sym(0)| | dom($) = O a Vct e $ : c[a] = c} 

The set $M$ is produced from elements of $\int \mathcal{M}$: for each of these, we compute the seed, and then we
only take the canonical representative for the seed’s orbit. As explained, the final result is indeed a
minimal P-marking $O \blacktriangleright c$. This P-marking is associated a symmetry by $G_M$, namely $\Phi = G_M(O \blacktriangleright c)$,
so it becomes the P-marking with symmetry $O \blacktriangleright_{\Phi} c$.

The derivation of an HD-automaton on $(M, G_M)$ in $B$-Coalg from the causal coalgebra, along
the equivalence, is the category-theoretic counterpart of the derivation of $CG_{ICS}$ from $CG_{AC}$. The
correspondence between $CG_{ICS}$s and coalgebras over named sets is analogous to the π-calculus case,
where we have set-theoretical HD-automata on one side 0 and categorical ones, namely coalgebras
over named sets, on the other side. The correspondence for the π-calculus has been worked out in
1,0, and the theory introduced therein seems robust enough to accommodate different notions
of named sets such as ours. In particular, functors used to define coalgebras over named sets, such
as powerset and allocation functors, should be very similar to those defining $B$.

We briefly illustrate the $B$-coalgebra for the running example. The O-named set $(M, G_M)$ is
as follows: $M$ includes all P-markings in Figure 3 and $G_M$ returns the symmetry $\{id\}$ for each of
them. Transitions are represented as a O-named function $(h, \Sigma): (M, G_M) \to B(M, G_M)$, where $h$
maps each state $O \blacktriangleright_{\{id\}} c$ to its label and continuation, and $\Sigma(O \blacktriangleright_{\{id\}} c)$ encodes all history maps
for outgoing transitions.

We leave a deeper investigation of the category of O-named sets and of B-coalgebras for future 
work. 


8. Conclusions 

In this paper we have introduced an approach to derive compact operational models for causality 
in Petri nets. In order to do this, we have constructed a labeled semantics of Petri nets in terms 
of causal case graphs, and we have given a procedure to refine them in order to get minimal,
possibly finite-state, representations. We have then modeled causal case graphs in a categorical
setting, exploiting a nominal representation of causal relations: they are modeled as posets over
event names with action labels. Our categorical treatment is simpler and more natural than the
set-theoretic one, and employs standard constructs and results for nominal calculi, namely
presheaf-based coalgebras and their equivalence with HD-automata. In particular, reducing the state-space
and showing that this operation preserves the semantics require some technical effort in the
set-theoretic version, whereas the categorical version employs a general construction that automatically
performs this reduction in a semantics-preserving way.

Our approach has a practical significance: we show how to synthesize HD-automata from Petri 
nets, and how to compute minimal realizations for them, in order to detect bisimilar states. As 
mentioned, minimization of HD-automata is possible in many cases. Even if our approach does not 
actually provide a way to minimize nets themselves, one can still decide bisimilarity of markings by 
minimizing their reachable HD-automata and matching the results. 

Finally, our contribution is also methodological: we provide a further example in which the 
presheaf/HD-automata framework is successfully applied. We emphasize that this framework is 
highly parametric and can possibly be useful in many other cases. 


8.1. Related work 

This paper follows a line of research on coalgebraic models of causality, started in [7] by the same
authors. The categorical machinery is the same in both papers, namely presheaf-based coalgebras,
HD-automata, and the equivalence among them. However, this paper takes a further step towards
a general categorical theory of causality. In [7], in fact, we have provided models for a particular
class of causal LTSs, namely Degano-Darondeau ones. In this paper, instead, we treat Petri nets,
which are much more general. For instance, unlike Degano-Darondeau LTSs, Petri nets can describe
synchronizations of more than two processes.

In [7] we start from existing set-theoretic models, similar to abstract CGs, whereas the models
we introduce here are novel. In both papers we represent causal dependencies as posets over events,
but in [7] events are unlabeled and are canonically represented as natural numbers. Here we have
labels and we take a more general approach: instead of choosing specific representatives of events,
we make abstract CGs parametric in this choice. This requires more technical work and it further
validates the categorical approach, where book-keeping details are abstracted away. The categorical
environment in this paper is more elaborate than [7], due to labeling. In particular, event generation
is more complex, and is studied in greater detail. Another difference is that here we give conditions
under which the model with only immediate causes is finite, whereas in [7] decidability is not
treated.

A first version of HD-automata for Petri nets, called causal automata, has been introduced in
[18]. However, their construction is purely set-theoretical and does not include symmetries, so the
existence of a minimal model is not guaranteed. This version of HD-automata is similar to what we
call immediate causes CG (without symmetries). HD-automata with symmetries were developed for
the π-calculus in 21 ,0, and a general categorical treatment was provided in [11]. In all these cases
nominal structures associated to states are just sets of (event) names, whereas we have posets,
which are more adequate to represent causal dependencies.

We can cite [§] for the introduction of transitions systems for causality whose states are elements
of presheaves, intended to model the causal semantics of the π-calculus as defined in [§:]. However,
the index of a state is a set of names, without any information about events and causal relations.
The advantage of our index category is that it allows reducing the state-space in an automatic way,
exploiting a standard categorical construction. This cannot be done in the framework of Finally,
an HD-automaton for causality has been described in jTT| , but it is derived as a direct translation
of causal automata and its states do not take into account causal relations.

Other related works are H,®, where event structures have been characterized as (contravariant)
presheaves on posets. While the meaning of presheaves is similar, the context is different: we
consider the more concrete realm of coalgebras and nominal automata. A more precise
correspondence with such models should be worked out.


8.2. Future work 

Logics for causality have been recently studied in [5]. As future work, we would like to understand
whether they can be captured in our coalgebraic setting. Another open research question is how 
to obtain coalgebraic models for other notions of causal bisimulation, such as hereditary history 
preserving bisimulation. 
A. Proofs

We first introduce some technical lemmata. Then we give proofs for the claims in the paper.

A.1. Additional lemmata

Lemma A.1. Let $O_1, O_2$ be finite Act-labeled posets and let $\sigma: O_1 \to O_2$ be an order-embedding.
Then:

K\-e a cr (^) l_e a / 

( i ) Oi > c- S(Oi,K,e a ) > c' implies O 2 > (ca)io 2 -*■ 0' 2 > (c'cr[ e a/e a ])l,o', for any 

e' £ Xo 2 , with O r 2 = 6(0 2 ,cr(K),e' a ); 

K\-p .fCVe* 

(ii) 0 2 > c -^ S(0 2 ,K,e a ) > d implies 0\ > c" -* 8(Oi,K',e' a ) > c ,n , with c"cr = c, 

cr(K') = K and c"V[ e %' a ] = d, for any e' £ Xo 1 - 

Proof. We prove item (i), the other one is analogous. Suppose $O_1 \triangleright c \overset{K \vdash e_a}{\longrightarrow} \delta(O_1, K, e_a) \triangleright c'$ is
derived from the rule of Definition 3.3 as follows

teT |ci| = m t a=l(t ) e£Xo 1 K = maxc^ <XL(c\) 

K\-e a 

Oi > ci uc 2 --> 8 (Oi,K,e a ) > (JP(ci) u {e 0 } h f) u c 2 

where c = Ci u C 2 and d = (JT(ci) u {e a } h t m ) u c 2 . Clearly we have ( ca)io 2 = ( c i cr )lo 2 u ( c 2 &)lo 2 i 
with \(cia)io 2 \ - |ci|, because a only affects events, not tokens. Moreover, it can be easily verified 
that maxo 2 ((ci<r)lo 2 ) ~ er(maxo 1 Jd(ci)) = <j(K). In fact, causes of (cicr)fo 2 are: those of Ci<r, 
related exactly as their counterimages, due to er preserving and reflecting order; additional causes, 
smaller than those of cicr, added by the closure. Therefore we can again apply the rule as follows 

teT \(cia)lo 2 \ =’t a = l(t) e! £ Xo 2 cr(if) = maxo 2 Jd((cicr)lo 2 ) 

cr(K)\-e' a 

0 2 > (cio-)lo 2 u (c 2 er);o 2 -* 0' 2 > {Jf {{cia)lo 2 ) u {e' a } 1 - P) u ( c 2 a)io 2 

where 0 2 = 8(0 2 ,a(K),e' a ). Now, observe that, by definition of S, we have 

^((cict)Io 2 ) £ ((cicr)lo') {e„}i 0 ' = JP((cio-)lo') u {e' a } 


which implies 


((cia)lo 2 ) u {e' a } h P = (jr(cio-) u{e^})lo' •- ** 

= {Aff (ci) u {e a })a[</e a \l 0 ' 2 h t* 

= (JP(ci) u {e 0 } H t*)cr[ e a/e a ]| 0 ' 

From this equation, and from (c 2 cr)f.o 2 = (c 2 cr[ e a/e a ])f.(9' 1 because e a £ Jd(c 2 ), it follows that the 
continuation derived from the above rule has the required shape. □ 

Lemma A.2. Let $\sigma: O \to O'$ be an isomorphism. Then $O \triangleright c_1 \sim_C O \triangleright c_2$ implies $O' \triangleright c_1\sigma \sim_C O' \triangleright c_2\sigma$.

Proof. We will prove that the following relation is a C-bisimulation

$$R_{O'} = \{(O' \triangleright c_1\sigma,\ O' \triangleright c_2\sigma) \mid O \triangleright c_1 \sim_C O \triangleright c_2,\ \sigma: O \to O' \text{ is an isomorphism}\}$$

Take {O' > cict, O' > C 2 ct) e Rq> and 

O' > ci a AVe '°> 5(0', AT', e^) > ci 

We have to find a simulating transition of $O' \triangleright c_2\sigma$. Let $e \notin X_O$. We can apply Lemma 3.9 using
the isomorphism $\sigma^{-1}[e_a/e'_a]$ and get

O > cr (A)l ~ £ °> 5(0,cr _ 1 (A'),e a ) > 4 <7_1 [ e %«] 

Since O > ci ~c O > C 2 , there is a simulating transition 

0 >c 2 -——^ d( 0 ,CT _ 1 (/v),e a ) > ci . 

Applying again Lemma 3.9 with $\sigma[e'_a/e_a]$ to this transition, we get

O' > c 2 cr A °> 8(0' ,K' ,e' a ) > cicr[ e 'a/e a ] . 

This is the required simulating transition. In fact, since 

8(0,a~ 1 (K),e a ) > 4 <7 ~ 1 [ ea / e 'J ~ c S(0,cr^ 1 (K),e a ) > 4 
and $\sigma[e'_a/e_a]$ is an isomorphism, by definition of $R_{O'}$ we have

( 8(0', K', e' a ) > 4 , 6(0', K', e' a ) > c' 2 a[e a /e a \ ) e R C y ■ 

□ 

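Lemma A.3. Let $O \triangleright c_1$ and $O \triangleright c_2$ be abstract P-markings. Then $O \triangleright c_1 \sim_C O \triangleright c_2$ if and only if
$O \triangleright c_1 \sim_{AC} O \triangleright c_2$.

Proof. We show the left-to-right implication, the other one is analogous. We prove that the following
relation is an AC-bisimulation

$$R_O = \{(O \triangleright c_1,\ O \triangleright c_2) \mid O \triangleright c_1 \sim_C O \triangleright c_2\}$$

Take $(O \triangleright c_1, O \triangleright c_2) \in R_O$ and suppose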

O > Ci S{0 , K, a) > c} 

then we must find a simulating transition of $O \triangleright c_2$. By Definition 3.8 the above transition can be
derived from

K\-p 

O > ci-^ 8(0, K, e a ) > c" 

with c”old{0, K, e a )[ rae ™( 0 W,ea)/e a ] = 4 . Since O > Ci ~ c O > C 2 by hypothesis, this transition can 
be simulated by 

K\-p 

0>c 2 - ^8(0,K,e a )>c'f . 
Applying again Definition 3.8 we get the required transition

0 > c 2 5(0, K, a) > 4(old(0,K,e a )[^w(o,K,e a )/ ea ])_ 

In fact, from $\delta(O,K,e_a) \triangleright c''_1 \sim_C \delta(O,K,e_a) \triangleright c''_2$, using Lemma A.2 with the isomorphism
old(0,K,e a )[ new (°’ K ’ e O/e a \, we get 

5(0, K, a) > c[ ~c 5(0, K,a) > C2(old(0,K,e a )[ new (- 0 ’ K ’ e °-)/e a ]) 

and we can conclude that these P-markings are related by $R_{\delta(O,K,a)}$, by its definition. □


Lemma A.4. Let $O_1 \xleftarrow{\sigma_1} O \xrightarrow{\sigma_2} O_2$ be a span in O and let

[Pushout square: $\sigma_1: O \to O_1$, $\sigma_2: O \to O_2$, $p_1: O_1 \to O_3$, $p_2: O_2 \to O_3$.]

be its pushout in P. Then it is also a pushout in O, with

$$l_{O_3}(x) = \begin{cases} l_{O_1}(y) & x = p_1(y) \\ l_{O_2}(y) & x = p_2(y) \end{cases}$$

Proof. In [3, Lemma 8] we have proved that pushouts in P are computed as in Graph, plus
transitive closure of the pushout object. We will use this fact to prove our claim.

First of all, we check that $l_{O_3}$ is well-defined. We only have to verify that its definition is correct
for $x = p_1(y_1) = p_2(y_2)$. If $p_1(y_1) = p_2(y_2)$ then $y_1$ and $y_2$ are images via $\sigma_1$ and $\sigma_2$ of the same
element of $O$, by definition of pushout in Graph. Since $\sigma_1$ and $\sigma_2$ preserve labels, we must have
$l_{O_1}(y_1) = l_{O_2}(y_2)$, so $l_{O_3}(x)$ is well-defined on $x$.

Preservation of labels by $p_1$ and $p_2$ follows immediately from the definition of $l_{O_3}$.

Now we prove that the square is indeed a pushout in O. Consider the following situation:

[Diagram: the pushout square above together with an object $O_4$, morphisms $q_1: O_1 \to O_4$ and $q_2: O_2 \to O_4$, and the mediating morphism $m: O_3 \to O_4$.]

We have to check that, when $q_1$ and $q_2$ preserve labels, also the unique mediating morphism $m$,
as computed in P, does. We prove it by contradiction. Suppose $m$ does not preserve labels, then
there exists $x \in X_{O_3}$ such that $l_{O_4}(m(x)) \neq l_{O_3}(x)$. Suppose $x$ is image of $y \in X_{O_1}$ via $p_1$ (the case
$y \in X_{O_2}$ and $x = p_2(y)$ is analogous). Then we have

$$\begin{array}{rcll}
l_{O_1}(y) & = & l_{O_3}(x) & \text{(by } p_1 \text{ preserving labels)} \\
 & \neq & l_{O_4}(m(x)) & \text{(by hypothesis)} \\
 & = & l_{O_4}(q_1(y)) & \text{(by } q_1 = m \circ p_1\text{)}
\end{array}$$

which implies that $q_1$ does not preserve labels, a contradiction. □


A.2. Main proofs 

Proof of Lemma 3.9. It is just a corollary of Lemma A.1. □

Proof of Proposition 3.13. We prove (i), the other point is similar. Suppose

O > c ^=> <5(0,/\, a) > c'. 

Then, by Definition 3.8, this transition can be derived from

O > c __f^. S(0, K, e a ) > c" 

with c' = c"old(0,K, e a )[™w(0,K,e a )/ ea ], for any $e \notin X_O$. Suppose $e \notin X_{O'}$. By Lemma A.1 (i) we
have

O' t> c<r CT(A) e °> 6(0',<r(K),e a ) > (c"o-[ea/ ea ])4, ^ 0 ',a(K),e a ) 

from which, using [Definition 3.81 we get 

O' c> ccr ( } > S(0',cr(K),a) > (c"a[ e «/e a ])lg(o',cj( K ), ea )^ 

where a; = old(0',a(K),e a )[ new (°'’ a ( K )’ e O/e a ]. We have to prove that the continuation of this 
transition has the required form. 

It is immediate to verify that, for any isomorphism cr-O -> O' and causal marking c such that 
£ |0|, we have 

(ccr)Io' = ciocr 

which, for a = w, implies 

(c"cr[ e <*/e a ])f5(0' l( T(if),e a )W = (c''cr[ e »/e a ]a;)J, ( 5 ( 0 / :Cr (x) iea ) . (A.l) 

Now, observe that, by the definition of <j + we have 

cr\ e *le a \uj = o/d(0,A',e a )[’ l ™(O^A)/ e J(T + 

therefore HA.II) is equal to 

0 c"old(0 , K, e a )[ new (°> K > e O/e a ]o + )ls(0',a(K),a) = (c'<7 + )J.-S(0',cr(if),a) 


as required. □ 

Proof of Theorem 3.12. Both implications can be proved by combining Lemma A.3 and Lemma A.2. □

Proof of Theorem 3.22. This is proved as Theorem 2], where specific choices for abstract posets
and old and new maps are made in order to accommodate Darondeau-Degano LTSs. The proof is 
exactly the same, where each specific operation is replaced by its general version described in this 
paper. □ 
Proof of Proposition 3.18. Take $c \in [m_0\rangle$. Then its tokens have been created by at most $|c|$ transitions. Since we only take immediate causes, i.e., events generated when those transitions were fired, each $O \triangleright c$ is such that $|O|$ contains at most $|c|$ events. $O$ can be any poset on those events but, since posets of minimal P-markings must be abstract, there are finitely-many such posets. □

Proof of Lemma 4.4.

(i) Immediately from the fact that any path from $\emptyset \triangleright \emptyset \vdash m_0$ to $O_c \triangleright c$ builds $O_c$ and $c$ incrementally, adding one event for each transition.

(ii) Suppose there are two parallel transitions from $O \triangleright c$ to $O' \triangleright c'$, with labels $a$ and $b$. Then $O' = \delta(O,K,e_a) = \delta(O,K',e'_b)$, which can only happen when $K = K'$ and $e_a = e'_b$, i.e., when the two transitions coincide.

Suppose there is a directed cycle starting and ending at $O \triangleright c$. Each transition in the cycle would add a new event to $O$, so the final state would be $O' \triangleright c$, with $O'$ a strict superposet of $O$, a contradiction.

□


Proof of Theorem 4.6.

(i) Consider a transition $c_1 \to_{B_c} c_1'$ and suppose the corresponding transition in CG£ is

$$O_{c_1} \triangleright c_1 \xrightarrow{K \vdash e_a} \delta(O_{c_1},K,e_a) \triangleright c_1'$$

Now, observe that there is a trivial embedding of $O_{c_1}$ into $O$. In fact, causes of $c_1$ are down-closed w.r.t. both posets, so $O_{c_1}$ must be a prefix of $O$. Then, using Lemma A.1(i) and the embedding $O_{c_1} \hookrightarrow O$ on the above transition, we get

$$O \triangleright c_1 \xrightarrow{K \vdash e'_a} \delta(O,K,e'_a) \triangleright c_1'[^{e'_a}/_{e_a}]$$

for any $e' \notin X_O$. By the hypothesis $O \triangleright c_1 \sim_c O \triangleright c_2$, this transition can be simulated by

$$O \triangleright c_2 \xrightarrow{K \vdash e'_a} \delta(O,K,e'_a) \triangleright c_2'$$

with $\delta(O,K,e'_a) \triangleright c_1'[^{e'_a}/_{e_a}] \sim_c \delta(O,K,e'_a) \triangleright c_2'$. Using Lemma A.1(ii) on the embedding of $O_{c_2}$ into $O$, and noting that $e' \notin X_{O_{c_2}}$, we recover a transition

$$O_{c_2} \triangleright c_2 \xrightarrow{K \vdash e'_a} \delta(O_{c_2},K,e'_a) \triangleright c_2'$$

and from this, using the rule in Proposition 4.5, we get $c_2 \to_{B_c} c_2'$. In order to show that this transition simulates $c_1 \to_{B_c} c_1'$, we have to find an isomorphism $\sigma'\colon O_{c_1'} \to O_{c_2'}$ such that the following diagram commutes

[Diagram: commuting square relating $O_{c_1}$, $O_{c_1'}$, $O_{c_2}$ and $O_{c_2'}$.]

We can define $\sigma'(x)$ as $\sigma(x)$ if $x \in |O_{c_1}|$ and as $e'_a$ if $x = e_a$.

(ii) We want to prove that the following relation is an AC-bisimulation

r O C2 = {(Oc 2 > cia,0> c 2 ) | ci ~l s c 2 } 

Suppose Ci ~% s c 2 and 

0 C2 > Cj a 6(0 C2 ,K, e a ) > c[. (A.2) 

We have to find a simulating transition of $O_{c_2} \triangleright c_2$. Applying Lemma 3.9 to the last transition, with isomorphism $\sigma^{-1}$, we get

$$O_{c_1} \triangleright c_1 \xrightarrow{\sigma^{-1}(K) \vdash e'_a} \delta(O_{c_1},\sigma^{-1}(K),e'_a) \triangleright c''$$

where $c'' = c_1'\sigma^{-1}[^{e'_a}/_{e_a}]$, for any $e' \notin X_{O_{c_1}}$. This transition corresponds, via Proposition 4.5, to the following transition in $B_c$

a n 
Cl * Be C x 

which, by the hypothesis ci ~% s c 2 , can be simulated by 

c 2 b c c 2 (A.3) 


C2,C 2 


£.ef 


with c' x c" such that 

(A-4) 

Now, suppose for simplicity {e a } = |O c ' | x |0 C2 1 (the general case where ]O c '| \ ]0 C2 | contains 
any event fresh w.r.t. 0 C2 requires minor changes). By definition of <jf C2 c , and <fP Ci c „, and by 
(IA.4I) . a' should act as cr on 0 Cl , so a' = <x[ ea /e' a ]. Moreover, since cr' is an isomorphism, we 
have that the maximal causes of e' a , namely cr _1 (A'), are mapped by cr' to the maximal causes 
of e", which then are cr'(cr _1 (A)) = <T(cr -1 (A)) = A', where the first equation follows from 
e' a $ cr 1 (A). Therefore O c ' = S(0 C2 ,K,e a ) and (1A.3I) is derived, using [Proposition 4.5[ from 


K\-e a e/ ^ / 

0 C2 > C 2 -* o(0 C2 , K, e a ) > c 2 

This transition is the required one simulating (IA.2I) . In fact, c" c 2 implies 

(^(I^C 2 > A, e a ) ^ c^ cr , 5(0 C2 , A, c a ) t> cf) e Rs(o C2 ,ic,e a ) 

by definition of A, and for the first P-marking we have c"cr' = c"cr[ e »/e^] = 
(c^cr 1 [ e a/e a ])cr[ e a/e a ] = ci, which is the causal marking in the continuation of (IA.2I) . 

□ 


Proof of Proposition 6.3. Smallness follows from skeletality. In jJ we have proved that pullbacks in P_m are computed as in the category Graph of graphs and their homomorphisms. It can be easily verified that, given a cospan $O_1 \xrightarrow{f} O_3 \xleftarrow{g} O_2$ in O, we can forget labels and compute the pullback as in Graph. In fact, the pullback poset $O$ has an element $y$ for each pair of elements $x_1 \in X_{O_1}$ and $x_2 \in X_{O_2}$ such that $f(x_1) = g(x_2)$. But then, since $f$ and $g$ preserve labels, we must have $l_{O_1}(x_1) = l_{O_2}(x_2) = a$, so $l_O(y) = a$ and the pullback maps preserve labels. It is easy to check that pullback mediating morphisms preserve labels, as they must commute with morphisms with such property. □
Proof of Lemma 6.4. In [3, Lemma 8] we have proved that pushouts of order-embeddings in P are commuting squares in P_m. Therefore we can compute the two pushouts of 0 in P, take the corresponding commuting squares in P_m and then use Lemma A.4 to get labeling functions for their bottom-right corners. Diagrams in P_m made of label preserving functions are also diagrams in O.

Finally, the fact that $\sigma^+$ reflects orders follows from its definition. □


Proof of Proposition 6.8. B is obtained by composition and product of accessible functors: 2?$ is known to be accessible; £ is accessible, because it can be regarded as a constant endofunctor on Set^O; A is accessible, because it has a right adjoint, namely the functor computing right Kan extensions along δ.

In order to show that B covers pullbacks, we will show that it has the form ∘ B', with B' a pullback preserving endofunctor on Set^O. The thesis will follow from covering pullbacks (see [25]). A has a left adjoint, namely the functor computing left Kan extensions along δ, then it preserves pullbacks; £ can be seen as a constant, hence pullback-preserving, endofunctor on Set^O. B' is the product of these two functors, so it preserves pullbacks. □


Proof of Proposition 6.12. Requirement Definition 6.11(ii) corresponds to the fact that a B-bisimulation $R$ on $(P,\rho)$ is a functor and its projections are natural transformations, so we have $(p,q)[\sigma]_R = (p[\sigma]_P, q[\sigma]_P)$, for any morphism $\sigma$ in O. Requirement (i) corresponds to the fact that $RO$ is “almost” an ordinary bisimulation, because computing $BR(O)$ essentially amounts to computing Bfi ts (RO) (see Section 5.2) for each $O \in |\mathrm{O}|$, as images in Set^O are computed pointwise in Set, with the difference that continuations are not in $RO$, but in $R(\delta O)$. □


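Proof of Lemma 6.14. We have to prove that if the square on the left is a pullback then so is the outer square on the right.

[Diagrams: on the left, the square formed by $p_1\colon O \to O_1$, $p_2\colon O \to O_2$, $\sigma_1\colon O_1 \to O_3$ and $\sigma_2\colon O_2 \to O_3$; on the right, its image with the maps $[p_1]$, $[p_2]$, $[\sigma_1]$, $[\sigma_2]$, together with $P$, its projections and the mediating morphism $p$.]

In the right diagram, let $P$ be the pullback in Set of $[\sigma_1]$ and $[\sigma_2]$, namely

$$P = \{(c_1,c_2) \mid c_1[\sigma_1] = c_2[\sigma_2]\}$$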

We will show that that the mediating morphism p is an isomorphism, which implies that „-#( O ) is 
a pullback object. 

Take $(c_1,c_2) \in P$ and $c = c_1[\sigma_1] = c_2[\sigma_2]$. Then these causal markings must be of the form

$$c_1 = \{K_1 \vdash s_1,\dots,K_n \vdash s_n\} \qquad c_2 = \{H_1 \vdash s_1,\dots,H_n \vdash s_n\} \qquad c = \{L_1 \vdash s_1,\dots,L_n \vdash s_n\}$$

because $[\sigma_1]$ and $[\sigma_2]$ do not affect tokens. Moreover, we must have

$$L_i = \sigma_1(K_i)\downarrow_{O_3} = \sigma_2(H_i)\downarrow_{O_3} \qquad (i = 1,\dots,n)$$

by definition of the action of on morphisms, and in particular

$$\max_{O_3} \sigma_1(K_i) = \max_{O_3} \sigma_2(H_i) = \max_{O_3} L_i$$

because $K_i$, $H_i$ and $L_i$ are down-closed sets, so they coincide with the closure of their maxima. It is easy to check that order-preserving and reflecting morphisms preserve maxima, so we have

$$\sigma_1(\max_{O_1} K_i) = \max_{O_3} \sigma_1(K_i) = \max_{O_3} \sigma_2(H_i) = \sigma_2(\max_{O_2} H_i).$$

Therefore, by definition of pullback in O (computed as in Graph), there are $J_i \subseteq |O|$ such that

$$p_1(J_i) = \max_{O_1} K_i \qquad p_2(J_i) = \max_{O_2} H_i \qquad \text{(A.5)}$$


and we can define the following causal marking in yJL(0) 

C = { Jl I - Sl,.. . , Jn Sn} 

where Ji = Jdo- 

Now, observe that c'[pi\ = c\ and c'[p 2 ] = C 2 , because (IA.5I) implies pi(Ji)lox = Ki and 
P 2 (Ji)lc >2 ~ Ki- Therefore letting p(c') = ( 01 , 02 ) makes the whole right diagram commute. So far 
we have proved that p is surjective. For injectivity, suppose there is another c" e ^C(O) such that 
p{ c ") = (ci, C 2 ). Since c"\pi\ = c\ and c"\p 2 \ = C 2 , c" is again of the form {M\ hsi,... ,M n 1 - s„j, 
with pi(Mi)\,o 1 = Ki. Since also Ki = p\{Ji)ion Mi and Ji must have the same set X of maxima. 
But then we have Mi = X\,o = Ji 1 so c" = c'. 

□ 

Proof of Theorem 6.1^. The first item is just an instance of Proposition 6.12.

For the second item, we shall show that $R$ is an AC-bisimulation closed under order-embeddings if and only if it is an O-indexed bisimulation:

: take (O > c, O > c) e Rq and suppose 

Q>c J ^d(Q)>c'. (A.6) 


Then, bv [Definition 6.151 there is 


0>c^S(0 1 K\a)>c" 

such that c' = c"[e(0, A', a)]. Since R is an AC-bisimulation, there is 

O > c d(0, A, a) > c' 

such that (6(0, K, a) > c",6(0,I\,a) c> c') e R$(o,K,a)- Again bv IDcfinition 6.151 from the last 
transition we get 

O > c ==► 8(0) > c'[e(0, K, a)]. 

This is a simulating transition for (1A.6I) . because (6(0, K, a) > c",6(0,K,a) > c') e R$(o,K,a) 
implies (6(0) > c’,6(0) > c'\e(0,K,a)]) e Rs(o)i by closure of R under order-embeddings. 
analogous to the previous point. Closure under order-embeddings of $R$ follows from Definition 6.11(ii). □

Proof of Proposition 7.4. Analogous to the proof of fl, Proposition 8]. □